io.micronaut.aot:micronaut-aot-core (=3.0.0-M2), io.micronaut.aot:micronaut-aot-std-optimizers (=3.0.0-M2) +536 more potentially affected by CVE-2026-44242 via io.micronaut:micronaut-inject (>=5.0.0-M1 <=5.0.0-M24)
io.micronaut:micronaut-inject MAVEN version =5.0.0-M1, =5.0.0-M3 and more Source cves: CVE-2026-44242 Source advisory: SNYK:JAVA-IOMICRONAUT-16478712...
Always-Incorrect Control Flow Implementation
Overview torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when compiling a model with the torch.rot90 and torch.randn_like functions while...
Reachable Assertion
Overview torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Reachable Assertion in the torch.linalg.lu function. In AOTAutograd mode, LU decomposition can't accept a slice operation, and an attacker can cause the...
Reachable Assertion
Overview Affected versions of this package are vulnerable to Reachable Assertion in the torch.linalg.lu function. In AOTAutograd mode, LU decomposition can't accept a slice operation, and an attacker can cause the application to become unresponsive or crash if backend="aot_eager" by providing speciall...
MAL-2025-47473 Malicious code in aot-npm-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 387dbb36bb1161598fbfa2872fbf071892696c3a1df11c616ffa424495bacdb0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aot-npm-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 387dbb36bb1161598fbfa2872fbf071892696c3a1df11c616ffa424495bacdb0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview aot-npm-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation via a flaw in the certificate validation logic, which accepts properly constructed certificates from any Certificate Authority CA without properly verifying the trust chain. An attacker can use this to...
This Week in Spring – March 18th, 2025
Hi, Spring fans! I just got back from the amazing JavaOne show held in Redwood Shores. It was a fun, uproarious event and a great chance to reconnect with tons of friends, old and new. I love this community! One of the central highlights of this show? Java 24 is here, finally! And, as usual, we'v...
PVS Server Down In Console After Upgrade to 2402CU1
After upgrading the first PVS Server in the FARM to 2402 CU1 and running the Configuration Wizard the PVS Server appears down in the console. The Configuration Wizard completes with errors. The following is one example found in the AOT logs:...
This Week in Spring - November 12th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released In this installment of A Bootiful Podcast , I talk to Gradle developer advocate Baruch Sadogursky good news everybody! GraalVM will now support jcmd, which allows you t...
From Spring Framework 6.2 to 7.0
Dear Spring community, Spring Framework 6.2 is shaping up for general availability in November 2024, with particularly significant revisions in the core container and in our web support: see "What's New in Spring Framework 6.2". This release is designed for use with JDK 17-23 and Jakarta EE 9-10...
CVAD wizard fails with device name # is invalid when PVS-Accelerator is enabled
We are using XenServer 8.0 and PVS Accelerator the CVAD wizard will fail to create new devices. When an AOT trace is captured and analyzed you will see the following errors in the logs: PVSDllHypervisorPlatformsAO,,0,,5,Information,"XenAPI failure, error description:...
Spring Tips: Further, Faster with Spring Boot 3.3
Hi, Spring fans! In this installment we look at ways to make your applications go further, faster, with AppCDS, GraalVM, AOT on the JRE, and Project CRaC coordinate restore at checkpoint springboot java graalvm programming coding...
This Year in Spring - 2023
Welcome to another installment of This Week in Spring! It's December 26th, 2023, and we're staring down the new year! And you know what that means, right? It's time for our annual roundup, looking at all the latest and greatest in the wild and wonderful world of Springdom. This is This Year in...
OSV-2023-857 Segv on unknown address in FunctionCompiler::compileReturn
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62375 Crash type: Segv on unknown address Crash state: FunctionCompiler::compileReturn WasmEdge::AOT::Compiler::compile WasmEdge::AOT::Compiler::compile...
All together now: Spring Boot 3.2, GraalVM native images, Java 21, and virtual threads with Project Loom
This has been a very long time in coming, but finally we can create GraalVM native images that use Spring Boot via Spring Boot 3.2 and Java 21's virtual threads Project Loom! Why does all this matter? Each of these individual things, Project Loom, and GraalVM native images, offer compelling runti...
A Bootiful Podcast: Sonatype's Steve Poole and Gradle's Justin Reock on Improving Developer Productivity without compromising on things like security
Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment, recorded at Devnexus in Atlanta, GA, I talk to newcomer to the show Steve Poole, from Sonatype, and Justin Reock, from Gradle, about improving developer productivity without compromising on things like...
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...
A Bootiful Podcast: José Paumard, Java Champion alumnus and Java legend, on Project Loom, Valhalla, and more, from Devnexus 2023!
Hi, Spring fans! Welcome to another installment of A Bootiful Podcast. In this installment I'll talk to legendary Oracle Java Champion alumnus, Java advocate, professor emeritus, and all around amiable fellow José Paumard, recorded at the amazing Devnexus 2023 event! José's English-language Youtu...