EUVD-2026-35059
A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...
CVE-2026-5128
...
PT-2026-29007
Name of the Vulnerable Software and Affected Versions: ArthurFiorette steam-trader version 2.1.1. Description: A sensitive information exposure issue exists. An unauthenticated attacker can send a request to the /users API endpoint to retrieve sensitive Steam account data, including the account...
RUSTSEC-2025-0116 tandem_garble_interop is unmaintained
The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative: We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...
tandem_garble_interop is unmaintained
The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative: We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...
GHSA-WWXP-HXH6-8GF8 binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref
Safe functions accept a single &T or &mut T but multiply by n to create slices extending beyond allocated memory when n > 1. These functions use from_raw_parts to create slices larger than the underlying allocation, violating memory safety. The binary_vec_io repository is archived and unmaintained...
EUVD-2024-50062
Malicious code in bioql PyPI...
CVE-2024-9623
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...
PYSEC-2025-8 After the owner removed the project from PyPI, another user uploaded a new version with non-working code
The pygments-style-solarized project was removed from PyPI by its owner on 2021-08-26. The GitHub repository was also updated to show unmaintained, and archived on 2025-08-31. Another user uploaded a new version, 100.10.7, which contains non-working code, with clear language that it intends to be...
resolve is unmaintained
resolve crate's GitHub repository is archived with no commits for seven years. Latest crates.io release is also seven years old. Possible alternatives: hickory-resolver...
RUSTSEC-2025-0013 resolve is unmaintained
resolve crate's GitHub repository is archived with no commits for seven years. Latest crates.io release is also seven years old. Possible alternatives: hickory-resolver...
PT-2025-10140 · Crates.Io · Resolve
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The software's GitHub repository has been archived with no commits for seven years, and the latest release on crates.io is also seven years old. Recommendations: At the moment, there is no...
RUSTSEC-2025-0026 registry is unmaintained
The author has archived the GitHub repository and mentions deprecation in project's README. Possible alternatives: windows-registry...
registry is unmaintained
The author has archived the GitHub repository and mentions deprecation in project's README. Possible alternatives: windows-registry...
gtk-layer-shell-sys GTK3 bindings - no longer maintained
The gtk-layer-shell-sys GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-layer-shell instead...
RUSTSEC-2024-0422 gtk-layer-shell GTK3 bindings - no longer maintained
The gtk-layer-shell GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-layer-shell instead...
RUSTSEC-2024-0423 gtk-layer-shell-sys GTK3 bindings - no longer maintained
The gtk-layer-shell-sys GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-layer-shell instead...
BIT-GITLAB-2024-9623 Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...
GitLab 11.4 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-5005)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Gitlab reports: Run pipelines on arbitrary branches; An attacker can impersonate arbitrary user; SSRF in Analytics Dashboard; Viewing diffs of MR with conflicts can be slow; HTMLi in OAuth page; Deploy Key...
CVE-2024-9623
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...