We’ve disclosed 3433 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the ngx-bootstrap package.
ip is a Node library.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the ip.isPublic() and ip.isPrivate() functions. An attacker can interact with internal network resources by supplying a specially crafted IP address, such as the octal localhost format ("017700000001"), that is incorrectly identified as public.
Note: This issue exists because of an incomplete fix for CVE-2024-29415.
PyMuPDF is a high-performance Python library for data extraction, analysis, conversion, and manipulation of PDF (and other) documents.
Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through the /pdf/pdf-font-add.c component. An attacker can obtain sensitive information by exploiting a memory leak issue.
org.webjars.npm:element-plus is a component library for Vue 3.
Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious sites, or conduct phishing attacks by supplying crafted URLs containing dangerous protocols or destinations.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.