Astra Linux – Vulnerability in Git

Git is a revision control system. The Git project recommends avoiding working in untrusted repositories. Instead, clone the repository first with git clone --no-local to obtain a clean copy. Git has specific protections to ensure that this operation is safe, even when working with untrusted sourc...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fixed the issue where global state locks were locked backoff. We need to acquire the lock after the early return in the !hwpipe case. Otherwise, we might encounter contention but still return 0. This fix addresses a...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: NFS: Do not corrupt the value of pgbyteswritten in nfsdorecoalesce The value of mirror-pgbyteswritten should only be updated after a successful attempt to flush out the requests on the list...

CVE-2026-33244

A flaw was found in react-router. When using Framework Mode with pre-rendering enabled, an attacker can exploit improper handling of the HTTP Location header value. This can lead to Cross-Site Scripting XSS, allowing malicious scripts to be injected into statically generated HTML files if the...

Malicious Package

Overview vite-react-toolkit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview web-dotenv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview @malwguy/ecto-corsair-whisper-3d2a7c is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

Malicious Package

Overview ecto-corsair-flag-x9m4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Malicious Package

Overview ecto-rust-read-f3a9c1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview sea-bound-siren is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview ecto-flag-read-m7p2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview ecto-nightly-spirit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview solana-web3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious Package

Overview spl-token-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview solana-cli-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview atomic-lockfile is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview solana-web3-v1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @solana-labs/spl-toke is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview solana-web3-stable is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview solana-web3-patched is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...