Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/04/24 12:16 a.m.2 views

CVE-2026-29050

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...

6.1CVSS0.0014EPSS
Exploits0References1
OSV
OSVadded 2026/04/23 9:53 p.m.1 views

GHSA-98F2-W9H9-7FP9 melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

Impact An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed us...

6.1CVSS5.9AI score0.0014EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Databaseadded 2026/04/23 12:0 a.m.9 views

melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed uses...

6.1CVSS5.9AI score0.0014EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-19380

Malicious code in bioql PyPI...

3.2CVSS6.3AI score0.00144EPSS
Exploits0References6
OSV
OSVadded 2025/06/27 2:15 p.m.3 views

DEBIAN-CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...

3.2CVSS5.5AI score0.00144EPSS
Exploits0References1
OSV
OSVadded 2025/06/27 2:15 p.m.2 views

UBUNTU-CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...

3.2CVSS5.9AI score0.00144EPSS
Exploits0References10
SUSE CVE
SUSE CVEadded 2025/06/24 11:21 p.m.3 views

SUSE CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...

3.2CVSS7AI score0.00144EPSS
Exploits0References3
Rows per page
Query Builder