cube-1.6 | Snyk

Direct Vulnerabilities

Known vulnerabilities in the cube-1.6 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2026-8723	*
L CVE-2026-44495	*
L CVE-2026-44705	*
L CVE-2026-44489	*
L CVE-2026-44494	*
L CVE-2026-44490	*
L CVE-2026-44492	*
L Uncontrolled Recursion	*
L Permissive Whitelist	*
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Improper Encoding or Escaping of Output	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
H Uncontrolled Recursion	*
L CVE-2026-3449	*
L XML Injection	*
L Uncontrolled Recursion	*
L Inefficient Regular Expression Complexity	*
M HTTP Response Splitting	*
L CRLF Injection	*
L Allocation of Resources Without Limits or Throttling	*
L Inefficient Regular Expression Complexity	*
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
H Out-of-bounds Write	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Algorithmic Complexity	*
L Resource Exhaustion	*
M Cross-site Scripting (XSS)	*
M Improper Authentication	*
M CVE-2026-2950	*
L Resource Exhaustion	*
H CVE-2026-2391	*
L CVE-2025-7783	*
M Directory Traversal	*
L Inefficient Regular Expression Complexity	*
H Arbitrary Code Injection	*
C CVE-2026-4800	*
L GHSA-72hv-8253-57qq	*
H Resource Exhaustion	*
C Permissive Whitelist	*
L GHSA-6v7q-wjvx-w8wg	*
H Directory Traversal	*
M Directory Traversal	*
L GHSA-r4q5-vmmm-2653	*
H Server-Side Request Forgery (SSRF)	*
L Uncontrolled Recursion	*
H Improper Input Validation	*
L Allocation of Resources Without Limits or Throttling	*
L Directory Traversal	*
L XML Injection	*
C Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
M Inefficient Regular Expression Complexity	*
M CVE-2018-16487	*
H Out-of-Bounds	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
C Unintended Proxy or Intermediary ('Confused Deputy')	*
L GHSA-5v72-xg48-5rpm	*
H Inefficient Regular Expression Complexity	*
M Link Following	*
H Arbitrary Code Injection	*
L Inefficient Regular Expression Complexity	*
L XML Injection	*
L CVE-2025-15284	*
L CRLF Injection	*
L Directory Traversal	*
H Uncontrolled Recursion	*
L CVE-2026-4867	*
L HTTP Response Splitting	*

Vulnerability

Vulnerable Version

CVE-2026-8723