CVE-2025-63811 vulnerabilities

Vulnerabilities for packages: cluster-api-aws-controller-fips, splunk-otel-collector, sqlexporter, sqlexporter-fips, jitsucom-bulker, cluster-api-aws-controller, dapr-fips, opentelemetry-collector-contrib, argo-events, vault-fips, dapr, splunk-otel-collector-fips, argo-events-fips, grafana-alloy,...

opentelemetry-jaeger crate is unmaintained

The opentelemetry-jaeger crate is deprecated and no longer actively maintained. The Jaeger propagator implementation has been migrated to opentelemetry-jaeger-propagator. More information and examples of using OTLP with Jaeger can be found in Introducing native support for OpenTelemetry in Jaeger...

actix-web-opentelemetry (>=0.2.0 <=0.17.0), atomic-server (>=0.32.1 <=0.34.0) +38 more potentially affected by unknown CVE via opentelemetry-jaeger (>=0.10.0 <=0.9.0)

opentelemetry-jaeger CARGO version =0.10.0, =0.2.0, =0.32.1, =0.2.1, =0.1.0, =0.4.0-prerelease1, =0.3.2, =0.2.0-rc-8, =0.2.0-rc-9, =0.2.0-rc-10, =0.2.0-rc, =0.1.0, =0.31.0, =0.1.0, =0.3.2, =0.5.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0123...

RUSTSEC-2025-0123 opentelemetry-jaeger crate is unmaintained

The opentelemetry-jaeger crate is deprecated and no longer actively maintained. The Jaeger propagator implementation has been migrated to opentelemetry-jaeger-propagator. More information and examples of using OTLP with Jaeger can be found in Introducing native support for OpenTelemetry in Jaeger...

BIT-OPENTELEMETRY-COLLECTOR-2024-36129 OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue...

RLSA-2025:15887 Moderate: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score,...

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpris...

RockyLinux 9 : opentelemetry-collector (RLSA-2025:15887)

The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2025:15887 advisory. net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 Tenable has extracted the preceding description block directly from th...

AlmaLinux 10 : opentelemetry-collector (ALSA-2025:16432)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:16432 advisory. net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 Tenable has extracted the preceding description block directly from th...

AlmaLinux 10 : opentelemetry-collector (ALSA-2025:12850)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:12850 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly...

RockyLinux 10 : opentelemetry-collector (RLSA-2025:12850)

The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2025:12850 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly...

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpris...

RockyLinux 10 : opentelemetry-collector (RLSA-2025:7479)

The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2025:7479 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in...

EUVD-2023-43649

Malicious code in bioql PyPI...

EUVD-2024-2648

Malicious code in bioql PyPI...

EUVD-2024-2627

Malicious code in bioql PyPI...

EUVD-2025-4694

Malicious code in bioql PyPI...

EUVD-2025-6497

Malicious code in bioql PyPI...

EUVD-2023-2660

Malicious code in bioql PyPI...

EUVD-2023-0632

Malicious code in bioql PyPI...