OESA-2025-2322 python-pyinstaller security update

PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen...

Malicious code in @rxap/ngx-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e41d94f6e5c522d3783037ae1e8e338ce291027d01211c6c990a0f3a6d8c08bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47455 Malicious code in @rxap/ngx-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e41d94f6e5c522d3783037ae1e8e338ce291027d01211c6c990a0f3a6d8c08bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Medium: pki-core

Issue Overview: Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0. CVE-2025-1647 Affected Packages: pki-core Note: This advisory is applicable t...

Amazon Linux 2 : pki-core, --advisory ALAS2-2025-2995 (ALAS-2025-2995)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2995 advisory. Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...

Embedded Malicious Code

Overview ngx-bootstrap is a package that contains all core Bootstrap components powered by Angular. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a postinstall script called bundle.js that exfiltrates secrets from the...

Malicious code in ngx-bootstrap (npm)

The package ngx-bootstrap was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in t...

MAL-2025-47197 Malicious code in ngx-bootstrap (npm)

The package ngx-bootstrap was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in t...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.23-openssl (SUSE-SU-2025:03159-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03159-1 advisory. Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged...

CVE-2025-59042

PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...

Security update for go1.23-openssl

This update for go1.23-openssl fixes the following issues: Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged go1.23.12-1-openssl-fips. jscSLE-18320 Rebase to 1.23.12 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash...

SUSE-SU-2025:03159-1 Security update for go1.23-openssl

This update for go1.23-openssl fixes the following issues: Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged go1.23.12-1-openssl-fips. jscSLE-18320 Rebase to 1.23.12 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash...

Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Impact Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share...

GHSA-68X2-MX4Q-78M7 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Impact Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share...

Race Condition

Overview @nguniversal/common is an Angular Universal module that is common across server-side rendering app irrespective of the rendering engine Affected versions of this package are vulnerable to Race Condition between multiple concurrent requests in the global platform injector, when using the...

GHSA-P2XP-XX3R-MFFC PyInstaller has local privilege escalation vulnerability

Impact Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with...

CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

Linux Distros Unpatched Vulnerability : CVE-2021-23472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provide...

PT-2025-36997

Name of the Vulnerable Software and Affected Versions: PyInstaller versions prior to 6.0.0 Description: PyInstaller packages Python applications and their dependencies into a single package. A specially crafted entry appended to sys.path during the bootstrap process of a PyInstaller-frozen...

Cross-Site Scripting (XSS)

Bootstrap is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the data-loading-text attribute in the button plugin, which allows an attacker to inject and execute malicious JavaScript when the button’s loading state is triggered...