EUVD-2025-113801
Malicious code in event-deimos-mini-css-extract-plugin-mira npm...
MAL-2025-144970 Malicious code in mini-css-extract-plugin-capella-lacerta-castor (npm)
Source: amazon-inspector (record c1b5bc74934a8bac1cf36c483b27d6fbdb0ad09d79f4471cbac2695209ecf5b5). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-123657
Malicious code in pipe-mini-css-extract-plugin-vuepress-phoebe npm...
MAL-2025-147721 Malicious code in scorpius-vuetify-metalsmith-mini-css-extract-plugin (npm)
Source: amazon-inspector (record 2186526dff27c6c4fa856cfe4c9936a3d13ab0f924c3f55f611a9ca589374cf1). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144997 Malicious code in mini-css-extract-plugin-taurus-kastra-async (npm)
Source: amazon-inspector (record aa0ba0fec30c09bfc4ffa84020c6073f6557695591ee4f30f607a8ab23ac89c1). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-113726
Malicious code in express-mini-css-extract-plugin-procyon-acamar npm...
EUVD-2025-116230
Malicious code in babel-rehype-mini-css-extract-plugin-aether npm...
MAL-2025-142098 Malicious code in epimetheus-mini-css-extract-plugin-barnard-apollo (npm)
Source: amazon-inspector (record a1cfcb545559f2996c7f4a71f9a4e7d0a08c42e31a731215a45e3910b4edabdc). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-111123
Malicious code in mini-css-extract-plugin-redis-tool-ignite npm...
ROS-20251106-04
The vulnerability in the django.utils.archive.extract function of the Django web application framework stems from errors in the relative directory path handling mechanism. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions. Vulnerability in...
OPENSUSE-SU-2025:20022-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate, alias, aggregate, and extra on MySQL and MariaDB boo1250485 - CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract boo1250487...
CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
UBUNTU-CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-54384
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdownextract function did not perform sufficient sanitization of input data before wrapping it in an HTML literal element. This helper is used to render user-provided...
PT-2025-44433
Name of the Vulnerable Software and Affected Versions: Keras (affected versions not specified). Description: The keras.utils.getfile API in Keras is susceptible to a path traversal issue when the extract=True option is used with tar archives. The utility employs Python’s tarfile.extractall function...
FreeBSD : Erlang - Absolute Path in Zip Module (237f4f57-b50f-11f0-ae9b-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 237f4f57-b50f-11f0-ae9b-b42e991fc52e advisory. https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a...
Cross-site Scripting (XSS)
Overview: CKAN is the world’s leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu, but also regional, research and community organizations. It makes it easy to publish, share and find data online a...
EUVD-2025-36667
CKAN vulnerable to stored XSS in resource description...