113 matches found
EUVD-2026-33537
A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...
CVE-2026-10216
The CVE-2026-10216 entry concerns unitedbyai droidclaw (
@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/flight-math (=0.5.3)
@squawk/flight-math NPM version =0.5.3 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/flight-math and may be impacted: - @squawk/mcp >=0.2.0, <=0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKFLIGHTMATH-16640879...
Fedora 44 : libcgif (2026-7fd284c688)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7fd284c688 advisory. Version 0.5.3 - Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow CVE-2026-4985 Tenable has extracted the precedin...
[SECURITY] Fedora 43 Update: rust-btrd-0.5.3-12.fc43
The btrfs debugger...
CVE-2022-0338
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
CVE-2025-23826
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pedjas Stop Comment Spam stop-comment-spam allows Stored XSS. This issue affects Stop Comment Spam: from n/a through = 0.5.3...
CVE-2025-67744 Mermaid XSS vulnerability leads to Remote Code Execution
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...
GHSA-FMH4-WR37-44FP React Server Components are Vulnerable to RCE
Summary @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained an unauthenticated remote code execution vulnerability in versions prior to 19.0.1, 19.1.2, and 19.2.1. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r...
OPENSUSE-SU-2025:15703-1 kubecolor-0.5.3-1.1 on GA media
These are all security issues fixed in the kubecolor-0.5.3-1.1 package on the GA media of openSUSE Tumbleweed...
MAL-2025-49317 Malicious code in solc_0.5.3 (npm)
Source: amazon-inspector cf5a247d617b73fa5ff87742fa1c25a74b47bd06dcd2ad4069f1d9347b3edf7a The package solc_0.5.3 was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2021-27527
Malicious code in bioql PyPI...
EUVD-2022-6780
Malicious code in bioql PyPI...
EUVD-2023-44150
Malicious code in bioql PyPI...
EUVD-2022-7148
Malicious code in bioql PyPI...
EUVD-2023-44152
Malicious code in bioql PyPI...
EUVD-2025-10638
Malicious code in bioql PyPI...
EUVD-2022-0146
Malicious code in bioql PyPI...
EUVD-2023-44149
Malicious code in bioql PyPI...
CVE-2025-59825
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpack_in_raw API. Additionally, the Entry::allow_external_symlinks control which...