@n8n/task-runner (>=1.37.0 <=1.42.3), n8n-node-dev (>=1.0.0 <=1.104.3) +10 more potentially affected by CVE-2025-57749 via n8n-core (>=1.0.0 <=1.105.3)

n8n-core NPM version =1.0.0, =1.37.0, =1.0.0, =0.1.0, =0.3.3, =0.3.1, =1.1.0, =0.1.4, =0.4.10, =0.2.0, =0.1.0, =0.4.28 Source cves: CVE-2025-57749 Source advisory: SNYK:JS-N8NCORE-12081401...

MAL-2025-16199 Malicious code in browser-sync-task-runner (npm)

The package browser-sync-task-runner was found to contain malicious code...

Malicious code in browser-sync-task-runner (npm)

The package browser-sync-task-runner was found to contain malicious code...

[SECURITY] Fedora 41 Update: golang-github-task-3.40.1-1.fc41

A task runner / simpler Make alternative written in Go...

From Spring Cloud Data Flow 2.11.x to 3.0

Dear Spring Community, With the recent announcement of Spring Framework 7.0 and Spring Boot 4.0, the Spring Cloud Data Flow team is pleased to announce the next major release, SCDF 3.0, to align with both Spring Framework 7.0 and Spring Boot 4.0. This will bring the following SCDF ecosystem of...

Fedora: Security Advisory for golang-github-task (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-task-3.14.0-3.fc36

A task runner / simpler Make alternative written in Go...

[SECURITY] Fedora 35 Update: golang-github-task-3.14.0-2.fc35

A task runner / simpler Make alternative written in Go...

cilantro 路径遍历漏洞

cilantro is an open source task runner from Deutsches Archäologisches Institut in Germany. Designed to manage long running distributed jobs that operate on file system objects . cilantro version 0.0.4 and earlier versions of a security vulnerability , the vulnerability stems from Flask's sendfile...

Malicious Package

Overview cs-task-runner is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...

Malicious code in cs-task-runner (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c39698ac329277055768167de3fa99bf56777d8a97481cea290407f8226eeedb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

[ASA-202107-34] code: arbitrary code execution

Arch Linux Security Advisory ASA-202107-34 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-31211 CVE-2021-31214 Package : code Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1963 Summary ======= The package co...

USN-4595-1: Grunt vulnerability

It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code. CVE-2020-7729...

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...

Google Chrome &lt; M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...