236 matches found
CVE-2025-68120 Unexpected untrusted code execution in github.com/golang/vscode-go
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
PT-2025-53815
Name of the Vulnerable Software and Affected Versions Visual Studio Code Go extension affected versions not specified Description The Visual Studio Code Go extension was disabled in Restricted Mode to prevent unexpected untrusted code execution. Recommendations At the moment, there is no...
Code Injection
@anthropic-ai/claude-code is vulnerable to code injection.The vulnerability is due to a flaw in the startup trust dialog that allows an attacker to trick the tool into executing untrusted project code before the user approves the dialog...
CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
EUVD-2021-2099
Malware in sbrugna...
EUVD-2021-1277
Malware in sbrugna...
EUVD-2009-1891
Malware in sbrugna...
EUVD-2021-16129
Malware in sbrugna...
EUVD-2021-8683
Malicious code in bioql PyPI...
EUVD-2023-0229
Malicious code in bioql PyPI...
EUVD-2022-0835
Malicious code in bioql PyPI...
EUVD-2021-8684
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-21373
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, nimble refresh fetches a list of Nimble...
Important: java-24-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...
CVE-2025-54430
dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...
CVE-2025-53546
Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...
PT-2025-28898 · Folo · Folo
Name of the Vulnerable Software and Affected Versions: Folo affected versions not specified Description: Folo organizes feeds content into one timeline. The use of pull request target in the .github/workflows/auto-fix-lint-format-commit.yml workflow file can be exploited by attackers to execute...
CVE-2021-21423
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
CVE-2021-30245
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to...
CVE-2021-29655
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute...