Insecure Temporary File

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Insecure Temporary File via the...

CVE-2026-35020

Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model ...

Arbitrary Code Injection

Overview @siteboon/claude-code-ui is an A web-based UI for Claude Code CLI Affected versions of this package are vulnerable to Arbitrary Code Injection in the git-config endpoint due to improper sanitization of user-supplied input in shell command construction. An attacker can execute arbitrary O...

EUVD-2025-19068

Malicious code in bioql PyPI...

Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates

Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates Spring AI 1.0.0-SNAPSHOT introduces several important changes to artifact IDs, dependency management, and autoconfiguration. This blog post outlines these changes and provides guidance on how to update your projects. The most significa...