Vulnerabilities	2 via 72 paths
Dependencies	401
Source	GitHub

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Issue type

Vulnerabilities
2
License issues
1

Severity

Critical
High
2
Medium
1
Low

Status

Open
3
Patched
0
Ignored
0

high severity

Allocation of Resources Without Limits or Throttling

Vulnerable module: file-type
Introduced through: crawlee@3.16.0

Detailed paths

Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/http@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/cheerio@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/jsdom@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/cheerio@3.16.0 › @crawlee/http@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/jsdom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/linkedom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/cheerio@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/jsdom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/linkedom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/cheerio@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/jsdom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/linkedom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the processing of ZIP-based file type detection via the fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile functions. An attacker can cause excessive memory consumption by submitting a large [Content_Types].xml entry.

Remediation

Upgrade file-type to version 21.3.2 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

high severity

GPL-3.0 license

Module: idcac-playwright
Introduced through: crawlee@3.16.0

Detailed paths

Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › idcac-playwright@0.2.0

GPL-3.0 license

GPL-3.0 license vulnerability report

medium severity

Infinite loop

Vulnerable module: file-type
Introduced through: crawlee@3.16.0

Detailed paths

Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/http@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/cheerio@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/jsdom@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/cheerio@3.16.0 › @crawlee/http@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/jsdom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/linkedom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/cheerio@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/jsdom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/linkedom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/cheerio@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/jsdom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/linkedom@3.16.0 › @crawlee/http@3.16.0 › @crawlee/basic@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/playwright@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0
Introduced through: @houtini/seo-crawler-mcp@houtini-ai/seo-crawler-mcp › crawlee@3.16.0 › @crawlee/puppeteer@3.16.0 › @crawlee/browser@3.16.0 › @crawlee/browser-pool@3.16.0 › @crawlee/core@3.16.0 › @crawlee/utils@3.16.0 › file-type@20.5.0

Overview

Affected versions of this package are vulnerable to Infinite loop in the FileTypeParser class. This is triggered when the ASF (WMV/WMA) parser receives input including an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload.

Remediation

Upgrade file-type to version 21.3.1 or higher.

References

GitHub Commit

Infinite loop vulnerability report

Vulnerabilities

Dependencies

Source

Find, fix and prevent vulnerabilities in your code.

high severity

Allocation of Resources Without Limits or Throttling

Detailed paths

Overview

Remediation

References

high severity

GPL-3.0 license

Detailed paths

medium severity

Infinite loop

Detailed paths

Overview

Remediation

References