Skip to main content

Workspaces

4 CVEs product

Monthly

CVE-2026-45772 npm PATCH GHSA Monitor

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection executed yarn --version from the project directory, which could cause Yarn to load and execute a project-controlled yarnPath from .yarnrc.yml. An attacker who controls repository contents could cause code execution when a user or CI system runs affected turbo, @turbo/codemod, or @turbo/workspace conversion commands. This vulnerability is fixed in 2.9.14.

RCE Turborepo Codemod Workspaces Vercel
NVD GitHub VulDB
EPSS
0.1%
CVE-2021-43638 HIGH POC This Week

Amazon Amazon WorkSpaces agent is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service RCE Workspaces
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43637 HIGH POC This Week

Amazon WorkSpaces agent is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Workspaces
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-9370 HIGH This Week

An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Workspaces
NVD
CVSS 3.0
8.8
EPSS
0.3%
EPSS 0%
PATCH Monitor

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection executed yarn --version from the project directory, which could cause Yarn to load and execute a project-controlled yarnPath from .yarnrc.yml. An attacker who controls repository contents could cause code execution when a user or CI system runs affected turbo, @turbo/codemod, or @turbo/workspace conversion commands. This vulnerability is fixed in 2.9.14.

RCE Turborepo Codemod +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Amazon Amazon WorkSpaces agent is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Amazon WorkSpaces agent is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Workspaces
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy