Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in the removeapikeys and hasapiterms functions of the Flow Using API component. An attacker can access sensitive credential information by exploiting unprotected storage mechanisms remotely. Remediation Upgrade...

📄 Activitypub-federation-rust 0.7.1 Server-Side Request Forgery

This is a server-side request forgery scanner for Activitypub-federation-rust version 0.7.1. ================================================================================================================================== | Title : Activitypub-federation-rust 0.7.1 Lemmy ActivityPub SSRF Scanne...

SUSE CVE-2026-31960

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via an unbounded read of the HTTP response body during notarization. An attacker can exhaust system memory and cause a crash by supplying a maliciously large HTTP response body if the...

CVE-2026-31960

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

EUVD-2026-11334

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...

CVE-2026-32095

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...

CVE-2026-32095 Plunk has Stored Cross-Site Scripting (XSS) via SVG File Upload

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...

CVE-2026-31960

CVE-2026-31960 concerns Quill, which before 0.7.1 had an unbounded read of HTTP response bodies during the Apple notarization flow. The vulnerability can allow an attacker who can modify or forge API responses (e.g., via TLS-intercepting proxies or trust boundary violations) to feed an arbitraril...

CVE-2026-31960 DoS in Quill via unbounded read of HTTP response body during notarization

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

CVE-2026-31960

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

CVE-2026-31959

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

GHSA-G32C-4PVP-769G Quill has DoS via unbounded read of HTTP response body during notarization

Impact Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS...

GHSA-XJ69-M9QQ-8M94 Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing

Impact Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...

GHSA-7Q3Q-5PX6-4C5P Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval

Impact Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network...

PT-2026-24814

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...

EUVD-2018-13305

Malware in sbrugna...

EUVD-2018-0531

Malware in sbrugna...

EUVD-2021-1579

Malware in sbrugna...

EUVD-2023-33774

Malicious code in bioql PyPI...