102 matches found
[SECURITY] Fedora 41 Update: gi-docgen-2025.5-1.fc41
GI-DocGen is a document generator for GObject-based libraries. GObject is the base type system of the GNOME project. GI-Docgen reuses the introspection data generated by GObject-based libraries to generate the API reference of these libraries, as well as other ancillary documentation. GI-DocGen i...
dotnet: .NET Denial of Service Vulnerability
A flaw was found in MSBuild’s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operatio...
EUVD-2023-3004
Malicious code in bioql PyPI...
EUVD-2025-31073
Malicious code in bioql PyPI...
GHSA-8MJQ-32X3-22QF Duplicate Advisory: Malicious versions of Nx were published
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...
CVE-2025-10894
Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...
Malicious code in build-system (npm)
The package build-system was found to contain malicious code...
MAL-2025-16324 Malicious code in build-system (npm)
The package build-system was found to contain malicious code...
CVE-2024-25255
Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties report that this is intended behavior...
ROS-20250121-02
A vulnerability in the koji RPM-based build system is related to insufficient cleansing of data provided by the by the user. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting XSS attacks. Cross-site scripting XSS attacks...
Cachi2 安全漏洞
Cachi2 is an open source CLI tool from containerbuildsystem. A security vulnerability exists in Cachi2 versions prior to 0.14.0, which stems from the fact that the tool logs each function's local variables when an unhandled exception is triggered, potentially leading to the display of secret...
CVE-2024-25255
Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties report that this is intended behavior...
CVE-2024-25255
Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties report that this is intended behavior...
Sublime Text 安全漏洞
Sublime Text is a cross-platform, extensible text editor from Sublime, Inc. A security vulnerability exists in Sublime Text version 4, which stems from a discovery via the New Build System module that contains a command injection vulnerability...
CVE-2024-25255
Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties report that this is intended behavior...
PT-2024-20850 · Sublime Text · Sublime Text
Name of the Vulnerable Software and Affected Versions: Sublime Text version 4 Description: A command injection issue was found in Sublime Text via the New Build System module. It is noted that multiple third parties report this behavior as intended. Recommendations: For Sublime Text version 4, as...
CVE-2024-25255
Sublime Text 4 contains a command injection vulnerability via the New Build System module. Affected component: New Build System handling (build system targets/exec usage) leading to potential remote command execution with high impact (per CVSSv3.1: 9.8, CRITICAL, network attack vector, no user in...
Koji 安全漏洞
Koji is an open source RPM build system from Koji. A security vulnerability exists in Koji that stems from not cleaning up user input...
The vulnerability of the RPM-based build system, related to improper elimination of input data during the generation of web pages, allows attackers to perform XSS attacks.
The vulnerability of the RPM-based build system is related to the improper elimination of input data during the generation of web pages. Exploiting this vulnerability allows an attacker to carry out XSS attacks using specially crafted web interfaces...
ROS-20240828-01
A vulnerability in the koji RPM-based build system is related to improper neutralization of input data during the during web page generation. Exploitation of the vulnerability could allow an attacker to conduct XSS attacks using a specially crafted web interface. using a specially crafted web...