9 matches found
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +85 more potentially affected by unknown CVE via @asyncapi/avro-schema-parser (=3.0.24)
@asyncapi/avro-schema-parser NPM version =3.0.24 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/avro-schema-parser and may be impacted: - @achinet/nestjs-async =0.0.1, =3.0.0, =0.2.44, =4.1.3, =0.7.1, =0.9.0, =1.10.0, =0.2.0, =0.1.0, =0.2.13...
EUVD-2025-198640
Malicious code in @asyncapi/avro-schema-parser npm...
Malicious code in @asyncapi/avro-schema-parser (npm)
Source: amazon-inspector 563d7e586605241445ca55919018f95a81d98cbf9599eefa9c812eef9ccd7747 The package @asyncapi/avro-schema-parser was found to contain malicious code. Source: ghsa-malware...
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +85 more potentially affected by unknown CVE via @asyncapi/avro-schema-parser (=3.0.24)
@asyncapi/avro-schema-parser NPM version =3.0.24 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/avro-schema-parser and may be impacted: - @achinet/nestjs-async =0.0.1, =3.0.0, =0.2.44, =4.1.3, =0.7.1, =0.9.0, =1.10.0, =0.2.0, =0.1.0, =0.2.13...
EUVD-2025-13488
Malicious code in bioql PyPI...
Difficult to exploit Java SDK Updates in ASCG
Difficult to exploit vulnerabilities in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...
GHSA-53WX-PR6Q-M3J5 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avro Avro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...
CVE-2024-47561
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...