amaranth-yosys (=0.25.0.0.post69), polywrap-client (=0.1.0a17) +4 more potentially affected by CVE-2026-34983 via wasmtime (=6.0.0)

wasmtime PYPI version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - amaranth-yosys =0.25.0.0.post69 - polywrap-client =0.1.0a17 - polywrap-client-config-builder =0.1.0a17 - polywrap-uri-resolvers =0.1.0a15,...

amaranth-yosys (=0.25.0.0.post71), yowasp-runtime (>=1.20.0 <=1.21.0) potentially affected by CVE-2026-34983 via wasmtime (=8.0.1)

wasmtime PYPI version =8.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - amaranth-yosys =0.25.0.0.post71 - yowasp-runtime =1.20.0, =1.21.0 Source cves: CVE-2026-34983 Source advisory: OSV:PYSEC-2026-151...

amaranth-yosys (>=0.25.0.0.post61 <=0.25.0.0.post67), yowasp-runtime (>=1.7.0 <=1.12.0) potentially affected by CVE-2026-34983 via wasmtime (=5.0.0)

wasmtime PYPI version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - amaranth-yosys =0.25.0.0.post61, =1.7.0, =1.12.0 Source cves: CVE-2026-34983 Source advisory: OSV:PYSEC-2026-151...

amaranth-yosys (=0.25.0.0.post70), yowasp-runtime (=1.19.0) potentially affected by CVE-2026-34983 via wasmtime (=7.0.0)

wasmtime PYPI version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - amaranth-yosys =0.25.0.0.post70 - yowasp-runtime =1.19.0 Source cves: CVE-2026-34983 Source advisory: OSV:PYSEC-2026-151...

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker...

EUVD-2025-120007

Malicious code in western-amaranth-elk npm...

EUVD-2025-117196

Malicious code in occupational-amaranth-buzzard npm...

EUVD-2025-117425

Malicious code in eastern-amaranth-eel npm...

EUVD-2025-117410

Malicious code in ethical-amaranth-hawk npm...

EUVD-2025-117201

Malicious code in nursing-amaranth-kiwi npm...

EUVD-2025-117289

Malicious code in international-amaranth-booby npm...

EUVD-2025-117398

Malicious code in expected-amaranth-cattle npm...

EUVD-2025-117400

Malicious code in exclusive-amaranth-leopard npm...

EUVD-2025-117381

Malicious code in fiscal-amaranth-aphid npm...

Malicious code in exclusive-amaranth-leopard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8360dffed6c70e9c222c697a15ab756366193c77dff4a7f17660630761ee9db0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-117415

Malicious code in empirical-amaranth-scorpion npm...

EUVD-2025-74292

Malicious code in retiredsquirrelamaranth-28 npm...

Malicious code in retired_anglerfish_amaranth-92 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f809104d1a00ff7403d1dd319017190b2097e4bfde99f2825c48964410b00e77 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-74071

Malicious code in xerothermictoucanamaranth-81 npm...

EUVD-2025-74421

Malicious code in noisybisonamaranth-62 npm...