14 matches found
ai.tock:bot-test (=23.9.2), ai.tock:bot-test-base (=23.9.2) +498 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=6.0.0-RC1 <=6.4.0)
org.pac4j:pac4j-core MAVEN version =6.0.0-RC1, =6.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.pac4j:pac4j-core and may be impacted: - ai.tock:bot-test =23.9.2 - ai.tock:bot-test-base =23.9.2 - ai.tock:bot-toolkit =23.9.2 -...
IMAPServer (=0.1.0), OpenDataSH_twitter_notifier (>=0.1.0 <=0.1.2) +1860 more potentially affected by unknown CVE via tokio-uds (>=0.1.5 <=0.3.0-alpha.1)
tokio-uds CARGO version =0.1.5, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.7.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0050...
@activfinancial/activ-workstation (>=0.3.0 <=0.4.35), @activfinancial/time-series-chart (>=0.3.40 <=0.3.51) +36 more potentially affected by CVE-2026-1513 via billboard.js (>=1.0.1 <=3.14.0)
billboard.js NPM version =1.0.1, =0.3.0, =0.3.40, =3.0.0, =0.0.55, =1.0.0, =1.0.0, =4.0.0, =1.0.0, =1.0.0, =0.0.1-alpha.1, =5.4.0, =1.5.0, =2.0.0 and more Source cves: CVE-2026-1513 Source advisory: OSV:GHSA-RPC5-PM7Q-HJMP...
achoz (>=0.3.0 <=0.3.42), aclpubcheck (>=0.1.0 <=0.2.0) +310 more potentially affected by CVE-2025-70559 via pdfminer-six (>=20140915.0.0 <=20251107.0.0)
pdfminer-six PYPI version =20140915.0.0, =0.3.0, =0.1.0, =0.8.1, =0.2.0, =1.1.74b0, =0.1.11, =0.1.0, =1.0.0, =1.0.0, =1.0.29, =0.3.3, =0.3.6, =0.0.8, =0.1.5, =0.2.44 and more Source cves: CVE-2025-70559 Source advisory: OSV:GHSA-F83H-GHPP-7WCC...
EUVD-2025-31228
Malicious code in bioql PyPI...
PT-2024-34757 · Unknown · Aajoda Testimonials
Name of the Vulnerable Software and Affected Versions: Aajoda Testimonials versions n/a through 2.2.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in Aajoda Testimonials...
africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +3379 more potentially affected by CVE-2024-5971 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.2.33.Final)
io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =0.4.0, =2.0.0, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2024-5971 Source advisory: OSV:GHSA-XPP6-8R3J-WW43...
PT-2024-13378 · Unknown · Ics Calendar
Name of the Vulnerable Software and Affected Versions: ICS Calendar versions n/a through 10.12.0.3 Description: The issue affects ICS Calendar, allowing Absolute Path Traversal and Server Side Request Forgery due to improper limitation of a pathname to a restricted directory. This enables an...
ARM Mali GPU Driver Resource Management Error Vulnerability
ARM Mali GPU Driver is a driver from ARM UK for Mali GPU support. A security vulnerability exists in ARM Mali GPU Driver versions r41p0 through r47p0, which stems from a use-after-free vulnerability in the kernel driver that allows an attacker to perform incorrect GPU memory handling operatio...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24559 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24559 Source advisory: OSV:GHSA-6845-XW22-FFXV...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +114 more potentially affected by CVE-2021-26697 via apache-airflow (>=1.10.1 <=2.0.0rc3)
apache-airflow PYPI version =1.10.1, =0.1.0rc3, =0.1.0, =1.0.7, =0.5.1, =0.1.0, =0.1.1, =0.0.7, =2.4.2, =1.0.1, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.2.1, =1.6.2 and more Source cves: CVE-2021-26697 Source advisory: OSV:PYSEC-2021-3...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +245 more potentially affected by CVE-2020-26267 via tensorflow (>=1.0.1 <=1.15.4)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-26267 Source advisory: OSV:PYSEC-2020-140...
ai.databand.azkaban:azkaban-common (=3.18.0), ai.databand.azkaban:azkaban-exec-server (=3.18.0) +4552 more potentially affected by CVE-2019-2692 via mysql:mysql-connector-java (>=3.0.10 <=8.0.15)
mysql:mysql-connector-java MAVEN version =3.0.10, =0.1.0, =4.1.3, =0.0.13, =1.13.3, =Finchley.SR2.SR1, =1.0.0, =0.0.3, =0.0.5 - at.molindo:molindo-mysql-collations-lib =0.1.0 - bd.ac.seu.erp:model =0.0.2 and more Source cves: CVE-2019-2692 Source advisory: OSV:GHSA-JCQ3-CPRP-M333...
PT-2020-2798 · Sds · Sds
Name of the Vulnerable Software and Affected Versions: sds versions 0.0.0 through 3.2.0 Description: The issue is related to Prototype Pollution, where the library can be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. This is...