GHSA-H27M-3QW8-3PW8 Possible ORM Leak Vulnerability in the Harbor

Impact: Administrator users on Harbor could exploit an ORM Leak (https://www.elttam.com/blog/plormbing-your-django-orm/) vulnerability that was present in the /api/v2.0/users endpoint to leak users ...

GHSA-4J66-8F4R-3PJX bun vulnerable to OS Command Injection

All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the $ shell API due to improper neutralization ...

[SECURITY] [DLA 4249-1] mediawiki security update

Debian LTS Advisory DLA-4249-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 23, 2025 https: ...

CVE-2025-54134

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an AP ...

CVE-2025-53832

Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp ...

CVE-2025-53528

Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable t ...

CVE-2025-31513

An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can elevate to administrator privileges via the IsAdminApprover parameter in a Request%20Building%20Access requestSubmit API...

CVE-2025-31511

An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API...
