183 matches found
Malicious Package
Overview @mosfe/beam-git-util is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
SUSE CVE-2025-69820
Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function...
GO-2026-4390 Beam Exposes sensitive information via joinCleanPath function in github.com/beam-cloud/beta9
Beam Exposes sensitive information via joinCleanPath function in github.com/beam-cloud/beta9...
CVE-2025-69820
Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function...
GHSA-73JG-4QH6-3F4G Beam Exposes sensitive information via joinCleanPath function
Directory Traversal vulnerability in Beam beta9 v.0.1.552 allows a remote attacker to obtain sensitive information via the joinCleanPath function...
Beam Exposes sensitive information via joinCleanPath function
Directory Traversal vulnerability in Beam beta9 v.0.1.552 allows a remote attacker to obtain sensitive information via the joinCleanPath function...
CVE-2025-69820
Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function...
CVE-2025-69820
Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function...
CVE-2025-69820
Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function...
PT-2026-3950
Name of the Vulnerable Software and Affected Versions Beam versions 0.1.552 beta9 Description A directory traversal issue exists in Beam beta9 version 0.1.552. This allows a remote attacker to potentially access sensitive information through the joinCleanPath function. Recommendations At the...
CVE-2025-69820
CVE-2025-69820 concerns a Directory Traversal in Beam (beta9) involving the joinCleanPath function. Multiple sources (SUSE, Red Hat, OSV ecosystems, NVD/NVD-linked) describe exposure of sensitive information via crafted paths in Beam beta9 releases (notably versions around 0.1.521/0.1.552). The r...
Beam security vulnerabilities
Beam is an open-source artificial intelligence runtime environment developed by Beam. Version beam beta9 0.1.552 contains a security vulnerability. This vulnerability stems from the directory traversal vulnerability in the joinCleanPath function, which could allow remote attackers to obtain...
CVE-2025-69820
Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function...
CVE-2025-69820
Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function...
GHSA-XQRQ-4MGF-FF32 vulnerabilities
Vulnerabilities for packages: apache-beam-python-3.11-sdk...
CVE-2025-50817 vulnerabilities
Vulnerabilities for packages: apache-beam-python-3.11-sdk...
MAL-2025-49065 Malicious code in wdr-beam (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16487b4b3ab32616874e0d9510ebc6c9ebf957bccdd7bfe6e84d60e0d1b89cf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wdr-beam (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16487b4b3ab32616874e0d9510ebc6c9ebf957bccdd7bfe6e84d60e0d1b89cf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36784
Malicious code in wdr-beam npm...
Malicious Package
Overview wdr-beam is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...