org.apache.atlas:atlas-catalog (>=0.8-incubating <=0.8.4), org.apache.atlas:atlas-index-repair-tool (>=2.2.0 <=2.4.0) +2 more potentially affected by CVE-2026-40563 via org.apache.atlas:atlas-repository (>=0.8-incubating <=2.4.0)

org.apache.atlas:atlas-repository MAVEN version =0.8-incubating, =0.8-incubating, =2.2.0, =0.8.3, =0.8-incubating, =2.4.0 Source cves: CVE-2026-40563 Source advisory: SNYK:JAVA-ORGAPACHEATLAS-16422860...

Arbitrary Code Injection

Overview org.apache.atlas:atlas-repository is an Apache Atlas Repository Module Affected versions of this package are vulnerable to Arbitrary Code Injection in the DSL search endpoint. An attacker can execute arbitrary code by placing malicious Gremlin traversal logic within grammar-allowed...

Malicious code in atlas-repository-nova-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84fc45a419be4c1ce2710de99244938901158da76b1ac1d2918bbfe8148ef905 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-180248

Malicious code in atlas-repository-nova-eclipse npm...

MAL-2025-185640 Malicious code in atlas-repository-nova-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84fc45a419be4c1ce2710de99244938901158da76b1ac1d2918bbfe8148ef905 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...