EUVD-2025-10405

Malicious code in bioql PyPI...

EUVD-2023-2549

Malicious code in bioql PyPI...

EUVD-2025-10404

Malicious code in bioql PyPI...

EUVD-2025-0090

Malicious code in bioql PyPI...

EUVD-2025-10732

Malicious code in bioql PyPI...

EUVD-2024-2999

Malicious code in bioql PyPI...

EUVD-2025-2097

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-50658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value. CVE-2023-50658 No...

Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities

Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2021-33194 DESCRIPTION: golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service infinite loop via crafted...

AZL-66135 CVE-2025-47907 affecting package golang for versions less than 1.18.8-9

Cancelling a query e.g. by cancelling the context passed to one of the query methods during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with...

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

UBUNTU-CVE-2025-48938

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...

CVE-2025-46721

nosurf is cross-site request forgery CSRF protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site either via XSS, or otherwise to bypass CSRF checks and issue requests on user's behal...

CVE-2025-46721 nosurf vulnerable to CSRF due to non-functional same-origin request checks

nosurf is cross-site request forgery CSRF protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site either via XSS, or otherwise to bypass CSRF checks and issue requests on user's behal...

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

ALSA-2025:7425 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

RHEL 9 : osbuild-composer (RHSA-2025:4569)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4569 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

GO-2025-3603 Query smuggling in ch-go library in github.com/ClickHouse/ch-go

Query smuggling in ch-go library in github.com/ClickHouse/ch-go...

CVE-2025-3445

A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using the...