CVE-2026-13323
In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier...
New Shai-hulud Worm Infecting npm Packages With Millions of Downloads
ReversingLabs discovers "Shai-hulud," a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer…...
CVE-2025-32019
Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...
Mirror Registry Security Vulnerability
Mirror Registry is a QUAY open source standalone registry for installing mirror images for OpenShift. A security vulnerability exists in Mirror Registry that stems from improperly written permissions in the /etc/passwd file, which could lead to elevated privileges...