cal.diy-6.1

Direct Vulnerabilities

Known vulnerabilities in the cal.diy-6.1 package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity (C = critical, H = high, M = medium, L = low), Vulnerability, Vulnerable Version
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • H
CVE-2026-2391

*
  • L
GHSA-x565-32qp-m3vf

*
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • L
Improper Input Validation

*
  • L
Incorrect Regular Expression

*
  • C
CVE-2026-4800

*
  • C
Arbitrary Code Injection

*
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • L
CVE-2026-3449

*
  • L
XML Injection

*
  • L
Improper Handling of Unicode Encoding

*
  • L
Improper Handling of Highly Compressed Data (Data Amplification)

*
  • L
XML Injection

*
  • M
Cross-site Scripting (XSS)

*
  • L
CVE-2024-55565

*
  • L
Improper Verification of Cryptographic Signature

*
  • M
Cross-site Request Forgery (CSRF)

*
  • L
Permissive Whitelist

*
  • M
CVE-2026-27977

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
Cross-site Scripting (XSS)

*
  • H
Information Exposure

*
  • L
Improper Validation of Specified Quantity in Input

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • H
Cross-site Scripting (XSS)

*
  • L
GHSA-r4q5-vmmm-2653

*
  • L
XML Injection

*
  • L
SQL Injection

*
  • L
Improper Encoding or Escaping of Output

*
  • L
Directory Traversal

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • L
CVE-2026-8723

*
  • L
GHSA-q4gf-8mx6-v5v3

*
  • L
Reversible One-Way Hash

*
  • L
Arbitrary Code Injection

*
  • C
Permissive Whitelist

*
  • L
Server-Side Request Forgery (SSRF)

*
  • L
GHSA-vvjj-xcjg-gr5g

*
  • H
Uncontrolled Recursion

*
  • H
Incorrect Behavior Order: Validate Before Canonicalize

*
  • H
Server-Side Request Forgery (SSRF)

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • M
Improper Authentication

*
  • H
Out-of-bounds Write

*
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

*
  • L
Resource Exhaustion

*
  • L
Interpretation Conflict

*
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • L
Uncontrolled Recursion

*
  • L
OS Command Injection

*
  • L
Server-Side Request Forgery (SSRF)

*
  • L
Authentication Bypass

*
  • M
CVE-2026-2950

*
  • M
Cross-site Scripting (XSS)

*
  • L
Cross-site Scripting (XSS)

*
  • L
XML Injection

*
  • L
SQL Injection

*
  • L
Uncontrolled Recursion

*
  • C
Improper Certificate Validation

*
  • H
Inefficient Regular Expression Complexity

*
  • L
Authentication Bypass

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • H
Resource Exhaustion

*
  • L
GHSA-8h8q-6873-q5fj

*
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

*
  • L
Cross-site Scripting (XSS)

*
  • H
Buffer Overflow

*
  • M
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

*
  • L
Arbitrary Code Injection

*
  • H
Arbitrary Code Injection

*
  • L
Authentication Bypass

*
  • M
HTTP Response Splitting

*
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • L
GHSA-442j-39wm-28r2

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
HTTP Request Smuggling

*
  • L
Improper Check for Unusual or Exceptional Conditions

*
  • H
CVE-2026-2327

*
  • H
Uncontrolled Recursion

*
  • L
Inefficient Regular Expression Complexity

*
  • L
XML Injection

*
  • H
Resource Exhaustion

*
  • M
Acceptance of Extraneous Untrusted Data With Trusted Data

*
  • L
Race Condition

*
  • L
Arbitrary Code Injection

*
  • L
Arbitrary Code Injection

*
  • L
GHSA-6475-r3vj-m8vf

*
  • L
Improper Input Validation

*
  • L
CRLF Injection

*
  • L
Directory Traversal

*
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

*
  • L
GHSA-7rx3-28cr-v5wh

*
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

*
  • M
Directory Traversal

*
  • L
Algorithmic Complexity

*
  • L
Improper Check for Unusual or Exceptional Conditions

*
  • L
GHSA-c7w3-x93f-qmm8

*
  • L
CVE-2026-2739

*
  • L
Incorrect Authorization

*
  • L
Arbitrary Code Injection

*
  • H
Use of Uninitialized Resource

*
  • L
HTTP Response Splitting

*