44 matches found
CVE-2026-6733 vulnerabilities
Vulnerabilities for packages: pelias-api, prism, renovate, kibana, npm, haraka, node-gyp, py3-captum, actions-runner, saf, gemini-cli, code-server, vitess...
CVE-2026-9679 vulnerabilities
Vulnerabilities for packages: pelias-api, prism, renovate, kibana, npm, haraka, node-gyp, py3-captum, actions-runner, saf, gemini-cli, code-server, vitess...
GHSA-P88M-4JFJ-68FV vulnerabilities
Vulnerabilities for packages: pelias-api, prism, renovate, kibana, npm, haraka, node-gyp, py3-captum, actions-runner, saf, gemini-cli, code-server, vitess...
GHSA-G8M3-5G58-FQ7M vulnerabilities
Vulnerabilities for packages: pelias-api, prism, renovate, kibana, npm, haraka, node-gyp, py3-captum, actions-runner, saf, gemini-cli, code-server, vitess...
CVE-2026-12151 vulnerabilities
Vulnerabilities for packages: pelias-api, prism, renovate, kibana, npm, haraka, node-gyp, py3-captum, actions-runner, saf, gemini-cli, code-server, vitess...
GHSA-VXPW-J846-P89Q vulnerabilities
Vulnerabilities for packages: pelias-api, prism, renovate, kibana, npm, haraka, node-gyp, py3-captum, actions-runner, saf, gemini-cli, code-server, vitess...
GHSA-35P6-XMWP-9G52 vulnerabilities
Vulnerabilities for packages: pelias-api, prism, renovate, kibana, npm, haraka, node-gyp, py3-captum, actions-runner, saf, gemini-cli, code-server, vitess...
CVE-2026-11525 vulnerabilities
Vulnerabilities for packages: pelias-api, prism, renovate, kibana, npm, haraka, node-gyp, py3-captum, actions-runner, saf, gemini-cli, code-server, vitess...
GHSA-8Q5R-MMJF-575Q Claude Code Action: Malicious MCP Server Configuration in PRs Enables Remote Code Execution and Secret Exfiltration
Due to the combination of checking out PR head branches attacker-controlled, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: langfuse-fips, redisinsight, gitlab-rails-ce, saf, homepage, wazuh-dashboard-fips, opensearch-dashboards-fips, py3-jupyterlab, librechat, gitlab-rails-ce-fips, jitsucom-jitsu, nextcloud-server, langfuse, argo-workflows, drupal, kubeflow-pipelines, dbgate, py3-captum,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-eventsearch, spire-server, pluto, metacontroller, envoy-ratelimit, aws-privateca-issuer, flux-source-controller, polaris, malcontent, flux-image-automation-controller, dkron, flux-helm-controller, apko, temporal, external-secrets-operator, smokescreen,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver, configmap-reload, croc, mockery, k8ssandra-operator, openbao-k8s, authservice, neuvector-dbgen, telegraf, cluster-autoscaler, manifest-tool, kube-arangodb, mountpoint-s3-csi-driver, terraform-provider-aws, azure-service-operato...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: kubevela, packer-fips, src-fingerprint, tfsec, crossplane-provider-azure-storage, terraform-provider-pagerduty-fips, xeol, crossplane-provider-aws-memorydb, osv-scanner, k9s-fips, argocd-image-updater, crossplane-provider-aws-elasticache-fips, grype-db,...
CVE-2026-25547 vulnerabilities
Vulnerabilities for packages: drupal, librechat, pulumi, renovate, npm, node-gyp, lerna, actions-runner, sqlpad...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: nri-cassandra, mockery, nri-memcached, go-jsonnet, src, k8ssandra-operator, openbao-k8s, thanos, neuvector-dbgen, telegraf, mountpoint-s3-csi-driver, podman, kuberay-operator, kots, gobump, gostatsd, ip-masq-agent, kubernetes-csi-external-snapshotter,...
EUVD-2022-49076
Malicious code in bioql PyPI...
EUVD-2022-6988
Malicious code in bioql PyPI...
EUVD-2025-27053
Malicious code in bioql PyPI...
Malicious code in actions-runner-admin (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8bf5c8993e97e4a8a3f91ab4b6b7618dc0f73864793854b4458516ece843a6db The OpenSSF Package Analysis project identified 'actions-runner-admin' @ 99.99.99 rubygems as malicious. It is considered malicious because: - T...
MAL-2025-46892 Malicious code in actions-runner-admin (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8bf5c8993e97e4a8a3f91ab4b6b7618dc0f73864793854b4458516ece843a6db The OpenSSF Package Analysis project identified 'actions-runner-admin' @ 99.99.99 rubygems as malicious. It is considered malicious because: - T...