44 matches found
GHSA-VXPW-J846-P89Q vulnerabilities
Vulnerabilities for packages: npm, actions-runner, pelias-api, kibana, code-server...
GHSA-G8M3-5G58-FQ7M vulnerabilities
Vulnerabilities for packages: npm, actions-runner, pelias-api, kibana, code-server...
CVE-2026-9679 vulnerabilities
Vulnerabilities for packages: npm, actions-runner, pelias-api, kibana, code-server...
GHSA-35P6-XMWP-9G52 vulnerabilities
Vulnerabilities for packages: npm, actions-runner, pelias-api, kibana, code-server...
CVE-2026-11525 vulnerabilities
Vulnerabilities for packages: npm, actions-runner, pelias-api, kibana, code-server...
GHSA-P88M-4JFJ-68FV vulnerabilities
Vulnerabilities for packages: npm, actions-runner, pelias-api, kibana, code-server...
CVE-2026-6733 vulnerabilities
Vulnerabilities for packages: npm, actions-runner, pelias-api, kibana, code-server...
CVE-2026-12151 vulnerabilities
Vulnerabilities for packages: npm, actions-runner, pelias-api, kibana, code-server...
GHSA-8Q5R-MMJF-575Q Claude Code Action: Malicious MCP Server Configuration in PRs Enables Remote Code Execution and Secret Exfiltration
Due to the combination of checking out attacker-controlled PR head branches, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: langfuse, saf, argo-workflows, dbgate, prism, actions-runner, opensearch-dashboards-fips, kibana, librechat, wazuh-dashboard, homepage, code-server, sqlpad, opensearch-dashboards, langfuse-fips, kubeflow-pipelines, renovate, npm, gemini-cli, dbgate-fips,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: aws-network-policy-agent, nfs-subdir-external-provisioner, nova, grafana-operator, aws-privateca-issuer, metacontroller, spire-server, external-secrets-operator, dgraph, apko, go, nodetaint, flux-helm-controller, clickhouse-operator, flux-operator, mariadb-operator,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: helm, nfs-subdir-external-provisioner, secrets-store-csi-driver, filebrowser, tetragon, liquibase-package-manager, cluster-api-provider-vsphere, logstash-exporter, pvc-autoresizer, chartmuseum, crossplane-provider-keycloak, vertical-pod-autoscaler, kube-vip, nuclei,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: flux-kustomize-controller-fips, gitness, opentofu-fips, trivy, nfpm, cerbos, crossplane-provider-aws-cloudfront-fips, grype, crossplane-provider-aws-eks-fips, terragrunt-fips, crossplane-fips, tfsec, k9s, hydra, flux-helm-controller-fips, grype-fips,...
CVE-2026-25547 vulnerabilities
Vulnerabilities for packages: sqlpad, npm, pulumi, librechat, node-gyp, actions-runner, lerna, renovate...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: helm, nfs-subdir-external-provisioner, secrets-store-csi-driver-provider-gcp, secrets-store-csi-driver, glab, gops, pvc-autoresizer, kube-metrics-adapter, steampipe, crossplane-provider-keycloak, kube-vip, nuclei, kubernetes-csi-driver-hostpath, kubecolor, kine,...
EUVD-2025-27053
Malicious code in bioql PyPI...
EUVD-2022-49076
Malicious code in bioql PyPI...
EUVD-2022-6988
Malicious code in bioql PyPI...
Malicious code in actions-runner-admin (RubyGems)
Source: ossf-package-analysis (8bf5c8993e97e4a8a3f91ab4b6b7618dc0f73864793854b4458516ece843a6db). The OpenSSF Package Analysis project identified 'actions-runner-admin' @ 99.99.99 rubygems as malicious. It is considered malicious because: - T...
MAL-2025-46892 Malicious code in actions-runner-admin (RubyGems)
Source: ossf-package-analysis (8bf5c8993e97e4a8a3f91ab4b6b7618dc0f73864793854b4458516ece843a6db). The OpenSSF Package Analysis project identified 'actions-runner-admin' @ 99.99.99 rubygems as malicious. It is considered malicious because: - T...