CVE-2026-31963
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...
GHSA-4X4V-CW6F-WC3M vulnerabilities
Vulnerabilities for packages: chromium...
SUSE CVE-2026-32260
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, a command injection vulnerability exists in Deno's node:child_process polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-32274
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
CVE-2026-28229 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines...
GHSA-7WC2-QXGW-G8GG vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2025-38011 affecting package kernel for versions less than 6.6.126.1-1
CVE-2025-38011 affecting package kernel for versions less than 6.6.126.1-1. A patched version of the package is available...
CVE-2026-23107 affecting package kernel for versions less than 6.6.126.1-1
CVE-2026-23107 affecting package kernel for versions less than 6.6.126.1-1. A patched version of the package is available...
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...
mysql: DDL unspecified vulnerability (CPU Jan 2026)
Oracle CPU describes the issue as follows: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access v...
firefox: thunderbird: Incorrect boundary conditions in the Graphics: ImageLib component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: ImageLib component...
CVE-2025-38499 affecting package kernel for versions less than 5.15.200.1-1
CVE-2025-38499 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-38729 affecting package kernel for versions less than 5.15.200.1-1
CVE-2025-38729 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...
GHSA-XXH7-FCF3-RJ7F vulnerabilities
Vulnerabilities for packages: strimzi-kafka-operator, neo4j, apache-pulsar, trino, akhq, confluent-kafka, dependency-track, kafka, solr, druid...
CVE-2026-1605 vulnerabilities
Vulnerabilities for packages: strimzi-kafka-operator, neo4j, apache-pulsar, trino, akhq, confluent-kafka, dependency-track, kafka, solr, druid...
CVE-2026-29786
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...
GHSA-V5RP-3MCX-FR73 vulnerabilities
Vulnerabilities for packages: libvips...
ROS-20260304-73-0025
A vulnerability in the Linux operating system kernel is related to a pointer dereferencing bug. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
firefox: thunderbird: Invalid pointer in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript Engine component...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...