1749 matches found
MAL-2025-46929 Malicious code in monolith-twirp-github-repositories (RubyGems)
Source: ossf-package-analysis (b6ab9bea194d9fa5ad57b833b09316a0c338a6beb920638e9aff880730969c89). The OpenSSF Package Analysis project identified 'monolith-twirp-github-repositories' @ 1.0.0 (rubygems) as malicious. It is considered malicious...
Malicious code in github-proto-repositories (RubyGems)
Source: ossf-package-analysis (ad787034378f8dfd5ad9c74128aafad9b053f1296acc980aee3f70693f23d3c3). The OpenSSF Package Analysis project identified 'github-proto-repositories' @ 1.2.11.re9f78aa (rubygems) as malicious. It is considered malicious...
MAL-2025-46911 Malicious code in github-proto-repositories (RubyGems)
Source: ossf-package-analysis (ad787034378f8dfd5ad9c74128aafad9b053f1296acc980aee3f70693f23d3c3). The OpenSSF Package Analysis project identified 'github-proto-repositories' @ 1.2.11.re9f78aa (rubygems) as malicious. It is considered malicious...
VULSOVER: Vulnerability Detection Via LLM-Driven Constraint Solving
Traditional vulnerability detection methods rely heavily on predefined rule matching, which often fails to capture vulnerabilities accurately. With the rise of large language models (LLMs), leveraging their ability to understand code semantics has emerged as a promising direction for achieving more...
CVE-2025-9118
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...
Linux Distros Unpatched Vulnerability : CVE-2022-2455
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before...
SUSE SLES12 Security Update : git (SUSE-SU-2025:03022-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03022-1 advisory. - CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk bsc1245938 - CVE-2025-46835: Fixed arbitrary writable file...
Linux Distros Unpatched Vulnerability : CVE-2024-35242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository...
Linux Distros Unpatched Vulnerability : CVE-2021-22167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary...
Linux Distros Unpatched Vulnerability : CVE-2024-9623
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4...
Malicious Package
Overview: time-service-checker is a malicious package. This package contains malicious code intended to exfiltrate data, and its contents have been removed from the official package manager. Although it appears to be a time-related utility, its main function is to collect system information and se...
CVE-2025-9118 Dataform Path Traversal
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...
Linux Distros Unpatched Vulnerability : CVE-2017-7435
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious server...
TencentOS Server 4: git (TSSA-2025:0618)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0618 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
cmd/go: Go VCS Command Execution Vulnerability
A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...
SUSE SLES15 Security Update : go1.24-openssl (SUSE-SU-2025:02837-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02837-1 advisory. Updated to go1.24.6 released 2025-08-06 bsc1236217: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS...