Lucene search

175 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-31871

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00291
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-12810

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.2 | EPSS 0.00186
Exploits 0 | References 7

OSV
added 2025/10/03 1:22 p.m. | 3 views

CLSA-2025-1759497739 perl-HTTP-Tiny: Fix of CVE-2023-31486

CVE-2023-31486: fix insecure default TLS configuration - Enable automated tests during build...

CVSS 8.1 | AI score 6.9 | EPSS 0.00767
Exploits 0 | References 1

Gitee
added 2025/09/06 8:23 a.m. | 74 views

DependencyCheck

This is an open-source project for a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. The project is called OWASP dependency-check. The project is written in Java and is designed to be used in a variety of environments, including...

AI score 7
Exploits 0

Tenable Nessus
added 2025/09/03 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-6574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow go get remote command execution during source code build, by leveraging...

CVSS 7.8 | AI score 7.5 | EPSS 0.36789
Exploits 4 | References 2

Snyk
added 2025/08/07 9:31 p.m. | 1 views

Incorrect Default Permissions

Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions due to incorrect permissions set on the /etc/passwd file during the build process. An attacker can gain elevated privileges by modifying the /etc/passwd file if they have the ability to execute commands...

CVSS 5.7 | AI score 7.5 | EPSS 0.00029
Exploits 0 | References 2

OSV
added 2025/05/28 9:7 p.m. | 1 views

GHSA-94V7-WXJ6-R2Q5 multicast in source builds from vulnerable setuptools dependency

Impact: Some source-builds may be impacted by a CWE-1395, e.g. vulnerable setuptools dependency. Multicast prior to v2.0.9a3 on systems with minimal dependencies installed may use setuptools =80.4 Pre-release version v2.0.9a3 and later are recommended for improved stability over v2.0.9a0 Workarounds...

CVSS 5.9 | AI score 6.9
Exploits 0 | References 9

Github Security Blog
added 2025/05/28 9:7 p.m. | 14 views

multicast in source builds from vulnerable setuptools dependency

Impact: Some source-builds may be impacted by a CWE-1395, e.g. vulnerable setuptools dependency. Multicast prior to v2.0.9a3 on systems with minimal dependencies installed may use setuptools =80.4 Pre-release version v2.0.9a3 and later are recommended for improved stability over v2.0.9a0 Workarounds...

CVSS 8.8 | AI score 6.5 | EPSS 0.0012
Exploits 4 | References 9 | Affected Software 1

RedhatCVE
added 2025/05/23 10:42 a.m. | 3 views

CVE-2024-52582

Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This...

CVSS 4.7 | AI score 6.8 | EPSS 0.00103
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 6:44 p.m. | 4 views

CVE-2021-41077

The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior if .travis.yml has been created locally by a customer, and...

CVSS 7.5 | AI score 6.9 | EPSS 0.00426
Exploits 0

SUSE CVE
added 2025/05/08 11:39 a.m. | 1 views

SUSE CVE-2025-47153

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the...

CVSS 6.5 | AI score 6.9 | EPSS 0.00186
Exploits 0 | References 3

OSV
added 2025/05/01 7:15 a.m. | 6 views

CVE-2025-47153

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the...

CVSS 6.5 | AI score 6.4
Exploits 0 | References 6

Positive Technologies
added 2025/05/01 12:0 a.m. | 2 views

PT-2025-18371 · Libuv +2

Name of the Vulnerable Software and Affected Versions: libuv and Node.js versions prior to nodejs 20.19.0+dfsg-2 i386.deb Description: The issue arises from certain build processes for libuv and Node.js on 32-bit systems, where the off_t size is inconsistent. This inconsistency occurs because the...

CVSS 6.5 | AI score 6.2 | EPSS 0.00186
Exploits 0 | References 26

RedhatCVE
added 2025/04/02 3:42 p.m. | 7 views

CVE-2025-3047

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...

CVSS 6.9 | AI score 7.3 | EPSS 0.00121
Exploits 0 | References 1

RedhatCVE
added 2025/01/22 4:52 a.m. | 3 views

CVE-2024-11218

A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...

CVSS 8.6 | AI score 6.5 | EPSS 0.00167
Exploits 0 | References 3

CVE
added 2024/12/31 2:19 a.m. | 139 views

CVE-2024-45497

The CVE-2024-45497 entry describes a flaw in the OpenShift build process where a docker-build container mounts the node’s /var/lib/kubelet/config.json via a hostPath volume into the build pod. The config.json contains credentials for pulling private images, and the mount is not read-only, enablin...

CVSS 7.6 | AI score 7.3 | EPSS 0.00508
Exploits 0 | References 9

Vulnrichment
added 2024/12/31 2:19 a.m. | 16 views

CVE-2024-45497 Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

CVSS 7.6 | AI score 7.3 | EPSS 0.00508
Exploits 0 | References 9

Cvelist
added 2024/12/31 2:19 a.m. | 23 views

CVE-2024-45497 Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

CVSS 7.6 | EPSS 0.00508
Exploits 0 | References 9

OSV
added 2024/12/19 3:12 p.m. | 1 views

GHSA-49W6-73CW-CHJR Astro's server source code is exposed to the public if sourcemaps are enabled

Summary: A bug in the build process allows any unauthenticated user to read parts of the server source code. Details: During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder...

CVSS 7.8 | AI score 5.9 | EPSS 0.1078
Exploits 1 | References 8

Github Security Blog
added 2024/12/19 3:12 p.m. | 17 views

Astro's server source code is exposed to the public if sourcemaps are enabled

Summary: A bug in the build process allows any unauthenticated user to read parts of the server source code. Details: During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder...

CVSS 7.8 | AI score 7.3 | EPSS 0.1078
Exploits 1 | References 8 | Affected Software 1