43 matches found
CVE-2026-23949 vulnerabilities
Vulnerabilities for packages: pypy-3.10, awx, py3-setuptools, azure-functions-python-worker, superset, spamcheck, tritonserver-backend-vllm-cuda-12.9, kserve, apache-beam-python-3.11-sdk, nemo, datadog-agent, datadog-agent-fips, pypy-3.11, py3.9-setuptools, ansible-operator-fips, mlflow,...
exploit-chain-generator
Exploit Chain Generator Turn Noise into Signal: Correlate...
CVE-2025-66418 vulnerabilities
Vulnerabilities for packages: py3-pip, pypy-3.10, awx, graalvm, kubeflow-pipelines-visualization-server, superset, spamcheck, azure-functions-host, jupyter-base-notebook, tritonserver-backend-vllm-cuda-12.9, py3-pipenv, kserve, apache-beam-python-3.11-sdk, barman, nemo, datadog-agent,...
CVE-2025-66471 vulnerabilities
Vulnerabilities for packages: py3-pip, pypy-3.10, awx, graalvm, kubeflow-pipelines-visualization-server, superset, spamcheck, azure-functions-host, jupyter-base-notebook, tritonserver-backend-vllm-cuda-12.9, py3-pipenv, kserve, apache-beam-python-3.11-sdk, barman, nemo, datadog-agent,...
GHSA-GM62-XV2J-4W53 vulnerabilities
Vulnerabilities for packages: py3-pip, pypy-3.10, awx, graalvm, kubeflow-pipelines-visualization-server, superset, spamcheck, azure-functions-host, jupyter-base-notebook, tritonserver-backend-vllm-cuda-12.9, py3-pipenv, kserve, apache-beam-python-3.11-sdk, barman, nemo, datadog-agent,...
GHSA-2XPW-W6GG-JR37 vulnerabilities
Vulnerabilities for packages: py3-pip, pypy-3.10, awx, graalvm, kubeflow-pipelines-visualization-server, superset, spamcheck, azure-functions-host, jupyter-base-notebook, tritonserver-backend-vllm-cuda-12.9, py3-pipenv, kserve, apache-beam-python-3.11-sdk, barman, nemo, datadog-agent,...
Mutillidae-SAST-Analysis
🛡️ Static Application Security Testing SAST: OWASP Mutillida...
EUVD-2023-1471
Malicious code in bioql PyPI...
Automatically Generating Rules of Malicious Software Packages Via Large Language Model
Today's security tools predominantly rely on predefined rules crafted by experts, making them poorly adapted to the emergence of software supply chain attacks. To tackle this limitation, we propose a novel tool, RuleLLM, which leverages large language models LLMs to automate rule generation for O...
SUSE-SU-2024:1486-2 Security update for cosign
This update for cosign fixes the following issues: - CVE-2024-29902: Fixed denial of service on host machine via remote image with a malicious attachments bsc1222835 - CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts bsc1222837 Other fixes: - Updated to 2.2...
Callisto - An Intelligent Binary Vulnerability Analysis Tool
Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the psuedo code output looking for potential security vulnerabilities in that pseudo c code. Ghidra's headless decompiler is what drives the bina...
SUSE CVE-2023-32758
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
git-url-parse Regular Expression Denial of Service
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
CVE-2023-32758
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
Design/Logic Flaw
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
CVE-2023-32758
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
CVE-2023-32758
The connected documents confirm CVE-2023-32758 affects git-url-parse (Python) up to 1.2.2, used by Semgrep versions 1.5.2–1.24.1. The issue is a Regular Expression Denial of Service (ReDoS) when parsing untrusted URLs, with potential impact if a package’s author embeds a crafted URL in a target p...
PT-2023-24006
Name of the Vulnerable Software and Affected Versions giturlparse versions through 1.2.2 Semgrep versions 1.5.2 through 1.24.1 Description The issue is related to ReDoS Regular Expression Denial of Service when parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted...
CVE-2023-32758
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
CVE-2023-32758
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...