626 matches found

RustSec
added 4 days ago, 6 views

surf is unmaintained

The surf crate is unmaintained, and all versions are affected. For alternatives, consider using reqwest or ureq. See this issue for more context...

5.8 AI score
Exploits: 0

OSV
added 4 days ago, 4 views

RUSTSEC-2026-0169 surf is unmaintained

The surf crate is unmaintained, and all versions are affected. For alternatives, consider using reqwest or ureq. See this issue for more context...

5.8 AI score
Exploits: 0, References: 3

OSV
added 4 days ago, 3 views

RUSTSEC-2026-0170 tide is unmaintained

The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...

5.8 AI score
Exploits: 0, References: 3

RustSec
added 4 days ago, 6 views

tide is unmaintained

The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...

5.8 AI score
Exploits: 0

FreeBSD Advisory
added 2026/05/20 12:0 a.m., 4 views

FreeBSD-SA-26:20.fusefs

FreeBSD-SA-26:20.fusefs Security Advisory, The FreeBSD Project. Topic: Heap overflow in FUSELISTXATTR. Category: core. Module: fusefs. Announced: 2026-05-20. Credits: Joshua...

5.5 CVSS, 6 AI score, 0.00062 EPSS
Exploits: 0

Github Security Blog
added 2026/05/19 6:32 p.m., 5 views

APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in all versions of APScheduler, including 3.10.x and 4.0.0a5, are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8 CVSS, 6 AI score, 0.00176 EPSS
Exploits: 0, References: 3, Affected Software: 1

Snyk
added 2026/05/14 2:22 p.m., 7 views

Malicious Package

Overview: knot-activesupport-logger is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/14 2:22 p.m., 6 views

Malicious Package

Overview: knot-simple-formatter is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Debian CVE
added 2026/05/14 5:34 a.m., 2 views

CVE-2026-6063

Removed by vendor...

4.3 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 0

Debian CVE
added 2026/05/14 5:34 a.m., 4 views

CVE-2026-6073

Removed by vendor...

8.7 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 0

Debian CVE
added 2026/05/14 5:33 a.m., 3 views

CVE-2026-6883

Removed by vendor...

4.3 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 0

Debian CVE
added 2026/05/14 5:33 a.m., 4 views

CVE-2026-7481

Removed by vendor...

8.7 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 0

Debian CVE
added 2026/05/14 5:33 a.m., 4 views

CVE-2026-8144

Removed by vendor...

4.3 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits: 0

NVD
added 2026/05/12 10:16 a.m., 8 views

CVE-2026-5029

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

8.7 CVSS, 0.00074 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/05/01 12:0 a.m., 4 views

Oracle Linux buffer error vulnerability

Oracle Linux is an open and complete operating environment from Oracle Corporation that provides virtualization, management and cloud-native computing tools, and operating systems. A buffer error vulnerability exists in Oracle Linux that stems from the ELF parser failing to perform bounds checkin...

4.4 CVSS, 5.9 AI score, 0.00018 EPSS
Exploits: 0, References: 1

OSV
added 2026/04/30 6:30 a.m., 1 view

GHSA-QP2C-XQV6-PHH6 django-mdeditor is Missing Authentication for Critical Function

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

7.1 CVSS, 6.3 AI score, 0.00129 EPSS
Exploits: 0, References: 7

Cvelist
added 2026/04/29 5:18 p.m., 23 views

CVE-2026-5712 IdentityIQ Role Editor Incorrect Authorization Vulnerability

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8 CVSS, 0.00044 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2026/04/22 5:16 p.m., 1 view

CVE-2025-6016

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain...

6.5 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 1

OSV
added 2026/04/22 5:16 p.m., 0 views

UBUNTU-CVE-2025-6016

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain...

6.5 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2026/04/22 5:16 p.m., 2 views

CVE-2025-3922

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient...

6.5 CVSS, 5.8 AI score, 0.00047 EPSS
Exploits: 0, References: 1