103 matches found
Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder
CVSSv3.1 Rating: Medium. CVSSv3.1 Score: 5.9. CVSSv3.1 Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Summary and Impact: An issue exists in the EventStream header decoder in AWS SDK for Go v2 in versions predating 2026-03-23. An actor can send a malformed EventStream response frame...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the CloudFront signing utilities when unsanitized input containing special characters is passed to the policy document generation process. An attacker can alter access restrictions by injecting specially...
CVE-2022-31159
The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...
Moderate Photon OS Security Update - PHSA-2026-5.0-0733
Updates of 'rubygem-aws-sdk-s3' packages of Photon OS have been released...
0.workspace (>=0.1.0 <=0.1.1), 18a58t9c-upload (>=1.0.0 <=1.0.3) +17983 more potentially affected by unknown CVE via aws-sdk (>=2.0.11 <=2.9.0)
aws-sdk NPM version =2.0.11, =0.1.0, =1.0.0, =0.21.0, =1.0.0, =1.0.0, =0.1.0, =3.6.0, =0.0.2, =0.3.0, =0.1.0, =0.5.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-J965-2QGJ-VJMQ...
cobalt-aws (>=0.2.0 <=0.7.0) potentially affected by unknown CVE via aws-sdk-athena (>=0.13.0 <=0.9.0)
aws-sdk-athena CARGO version =0.13.0, =0.2.0, =0.7.0 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
avalanche-config-installer (>=0.2.36 <=0.2.43), avalanche-installer (>=0.0.18 <=0.0.32) +39 more potentially affected by unknown CVE via aws-sdk-s3 (>=0.0.26-alpha <=0.9.0)
aws-sdk-s3 CARGO version =0.0.26-alpha, =0.2.36, =0.0.18, =0.0.42, =0.0.5, =0.0.24, =0.0.1, =0.0.0, =0.0.46, =0.1.7, =0.4.0, =0.4.0, =0.1.1, =0.1.0, =0.8.0, =0.8.0, =0.12.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
aware (>=0.0.12 <=0.0.30), aws-manager (>=0.0.1 <=0.19.8) +3 more potentially affected by unknown CVE via aws-sdk-cloudformation (>=0.10.1 <=0.9.0)
aws-sdk-cloudformation CARGO version =0.10.1, =0.0.12, =0.0.1, =0.0.0, =0.2.0, =0.5.0 - nitor-vault =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
aware (>=0.0.1 <=0.0.30), aws-manager (>=0.0.1 <=0.19.8) +5 more potentially affected by unknown CVE via aws-sdk-ec2 (>=0.0.22-alpha <=0.9.0)
aws-sdk-ec2 CARGO version =0.0.22-alpha, =0.0.1, =0.0.1, =0.0.0, =0.1.0, =0.4.0, =0.14.0, =0.14.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
aws-manager (>=0.0.1 <=0.19.8), aws-sdk-manager (>=0.0.0 <=0.0.10) +2 more potentially affected by unknown CVE via aws-sdk-cloudwatchlogs (>=0.10.1 <=0.31.2)
aws-sdk-cloudwatchlogs CARGO version =0.10.1, =0.0.1, =0.0.0, =1.0.0, =1.0.4 - tracing-cloudwatch =0.1.4 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
cargo-lambda (>=0.11.0 <=0.12.0), cargo-lambda-deploy (>=0.11.0 <=0.12.0) +1 more potentially affected by unknown CVE via aws-sdk-iam (>=0.14.0 <=0.17.0)
aws-sdk-iam CARGO version =0.14.0, =0.11.0, =0.11.0, =0.12.0 - vaultrs-login =0.1.7 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
gst-plugin-aws (>=0.9.0 <=0.10.4) potentially affected by unknown CVE via aws-sdk-transcribe (>=0.19.0 <=0.24.0)
aws-sdk-transcribe CARGO version =0.19.0, =0.9.0, =0.10.4 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
CVE-2025-14760
Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...
EUVD-2021-2392
Malware in sbrugna...
EUVD-2018-11648
Malware in sbrugna...
EUVD-2023-43649
Malicious code in bioql PyPI...
EUVD-2023-3109
Malicious code in bioql PyPI...
EUVD-2022-7612
Malicious code in bioql PyPI...
EUVD-2023-36976
Malicious code in bioql PyPI...