rpm package
opensuse/python-bqplot&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-bqplot&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27601 | Med | 5.9 | < 0.12.45-14.1 | 0.12.45-14.1 | Mar 3, 2026 | Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a s | |
| CVE-2026-25547 | Cri | — | < 0.12.45-14.1 | 0.12.45-14.1 | Feb 4, 2026 | @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated nume | |
| CVE-2025-9287 | — | < 0.12.45-12.1 | 0.12.45-12.1 | Aug 20, 2025 | Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4. | ||
| CVE-2025-54798 | — | < 0.12.45-13.1 | 0.12.45-13.1 | Aug 7, 2025 | tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4. | ||
| CVE-2025-5889 | Low | 3.1 | < 0.12.45-10.1 | 0.12.45-10.1 | Jun 9, 2025 | A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be l |
- affected < 0.12.45-14.1fixed 0.12.45-14.1
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a s
- affected < 0.12.45-14.1fixed 0.12.45-14.1
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated nume
- CVE-2025-9287Aug 20, 2025affected < 0.12.45-12.1fixed 0.12.45-12.1
Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.
- CVE-2025-54798Aug 7, 2025affected < 0.12.45-13.1fixed 0.12.45-13.1
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
- affected < 0.12.45-10.1fixed 0.12.45-10.1
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be l