6720 matches found
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. An attacker can predict or brute force...
CLSA-2025-1764062286 edk2: Fix of 2 CVEs
CVE-2023-45236: fix TCP Initial Sequence Number generation in NetworkPkg to prevent predictable sequence numbers - CVE-2023-45237: fix weak pseudo-random number generator in NetworkPkg to prevent predictable TCP sequence numbers...
Security update for bind
This update for bind fixes the following issues: CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
Malicious code in @eventcatalog/generator-asyncapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9598dd9b72db501adb05bcad416fa140dc327848558cdcca03a10d2b127113b The package @eventcatalog/generator-asyncapi was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191452 Malicious code in @eventcatalog/generator-asyncapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9598dd9b72db501adb05bcad416fa140dc327848558cdcca03a10d2b127113b The package @eventcatalog/generator-asyncapi was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199206
Malicious code in generator-meteor-stock npm...
MAL-2025-191101 Malicious code in generator-meteor-stock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678199611d26a80c99b9cad377ac570dda69e8bc8ed1114a1178d98c2c611973 The package generator-meteor-stock was found to contain malicious code. Source: ghsa-malware...
Malicious code in generator-meteor-stock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678199611d26a80c99b9cad377ac570dda69e8bc8ed1114a1178d98c2c611973 The package generator-meteor-stock was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199209
Malicious code in generator-ng-itobuz npm...
Malicious code in generator-ng-itobuz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 496207345626f600a0e4b6a1b81eaba0e1c575f8d71ceb479651681a6c132b7b The package generator-ng-itobuz was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191102 Malicious code in generator-ng-itobuz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 496207345626f600a0e4b6a1b81eaba0e1c575f8d71ceb479651681a6c132b7b The package generator-ng-itobuz was found to contain malicious code. Source: ghsa-malware...
@asyncapi/cli (>=2.5.0 <=4.1.1), @powerlines/plugin-asyncapi (>=0.1.0 <=0.1.558) +1 more potentially affected by unknown CVE via @asyncapi/generator (>=2.11.0 <=2.8.3)
@asyncapi/generator NPM version =2.11.0, =2.5.0, =0.1.0, =0.1.558 - nestjs-asyncapi =2.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIGENERATOR-14103255...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@achinet/nestjs-async (>=0.1.0 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +36 more potentially affected by unknown CVE via @asyncapi/generator-react-sdk (>=1.1.2 <=1.1.3)
@asyncapi/generator-react-sdk NPM version =1.1.2, =0.1.0, =3.0.0, =4.1.3, =0.24.0, =1.10.14, =0.2.0, =0.1.0, =1.0.0, =0.2.2, =1.3.3, =2.0.0, =0.16.0, =0.16.23 - @asyncapi/template-dart-websocket-client =0.0.1 - @asyncapi/template-java-websocket-quarkus =0.0.1 -...
EUVD-2025-198831
Malicious code in github-action-for-generator npm...
Malicious code in github-action-for-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 456b535e2ac0dbf2257fbb995ee5d72a53c3cfc544a0c9fb477f0c7eb20477d1 The package github-action-for-generator was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190845 Malicious code in github-action-for-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 456b535e2ac0dbf2257fbb995ee5d72a53c3cfc544a0c9fb477f0c7eb20477d1 The package github-action-for-generator was found to contain malicious code. Source: ghsa-malware...
Malicious code in @seung-ju/openapi-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f38aa15b9a4a24dec5d8ea17b00f0bcc9e7ba46386fd087b3a9fa569ade45a6 The package @seung-ju/openapi-generator was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198778
Malicious code in @seung-ju/openapi-generator npm...