Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.27 bug fix and security update
Red Hat OpenShift Container Platform release 4.18.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in dompurify-3.2.5.tgz
Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in dompurify-3.2.5.tgz. Vulnerability Details: CVEID: CVE-2025-48050. DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.17 bug fix and security update
Red Hat OpenShift Container Platform release 4.19.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...
EUVD-2020-1486
Malware in sbrugna...
EUVD-2021-1014
Malware in sbrugna...
EUVD-2020-0615
Malware in sbrugna...
EUVD-2023-0631
Malicious code in bioql PyPI...
EUVD-2024-3438
Malicious code in bioql PyPI...
EUVD-2023-2923
Malicious code in bioql PyPI...
EUVD-2025-15175
Malicious code in bioql PyPI...
EUVD-2024-2835
Malicious code in bioql PyPI...
EUVD-2025-4245
Malicious code in bioql PyPI...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in dompurify-3.2.4.tgz
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of dompurify-3.2.4.tgz. Vulnerability Details: CVEID: CVE-2025-48050. DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE:...
Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to cross-site scripting due to DOMPurify (WS-2024-0017)
Summary: The Fusion Web UI uses DOMPurify, which is vulnerable to an attacker bypassing sanitizers and executing JavaScript code (WS-2024-0017). Vulnerability Details: WSID: WS-2024-0017. DESCRIPTION: Insufficient checks in DOMPurify allow an attacker to bypass sanitizers and execute arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2020-26870
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a...
Linux Distros Unpatched Vulnerability : CVE-2019-25155
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel=noopener noreferrer' attribute. CVE-2019-25155...
Linux Distros Unpatched Vulnerability : CVE-2019-16728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...
CLSA-2025-1757427057 grafana: Fix of CVE-2022-23552
CVE-2022-23552: sanitize SVG inputs in GeoMap by adding a dompurify preprocessor step, preventing stored XSS where malicious SVG could execute arbitrary JavaScript...
Security Bulletin: A vulnerability in DOMPurify may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-48050)
Summary: There is a vulnerability in DOMPurify used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-48050. DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60,...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-2.5.8.tgz
Summary: IBM Watson Discovery Cartridge contains a vulnerable version of dompurify-2.5.8.tgz. Vulnerability Details: CVEID: CVE-2025-26791. DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). CWE: CWE-79:...