Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-c94v-8fff-73ph

GitHub Security Advisory

Command Injection in @theia/messages

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.

Affected Packages

npm @theia/messages
Affected versions: 0 (fixed in 1.0.0)

Related CVEs

CVE-2021-28162

Key Information

GHSA ID
GHSA-c94v-8fff-73ph
Published
May 10, 2021 3:36 PM
Last Modified
May 7, 2021 5:57 PM
CVSS Score
5.0 /10
Primary Ecosystem
npm
Primary Package
@theia/messages
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.