@chocolatey-software/astro (>=2.0.0 <=2.5.0), choco-astro (>=0.3.1 <=0.4.0) potentially affected by CVE-2026-27729 via @astrojs/node (>=9.2.2 <=9.5.2)

@astrojs/node NPM version =9.2.2, =2.0.0, =0.3.1, =0.4.0 Source cves: CVE-2026-27729 Source advisory: OSV:GHSA-JM64-8M5Q-4QH8...

@chocolatey-software/astro (>=2.0.0 <=2.5.0), choco-astro (>=0.3.1 <=0.4.0) potentially affected by CVE-2026-27829 via @astrojs/node (>=9.2.2 <=9.5.2)

@astrojs/node NPM version =9.2.2, =2.0.0, =0.3.1, =0.4.0 Source cves: CVE-2026-27829 Source advisory: OSV:GHSA-CJ9F-H6R6-4CX2...

EUVD-2022-48204

Malicious code in bioql PyPI...

EUVD-2022-48206

Malicious code in bioql PyPI...

EUVD-2022-48205

Malicious code in bioql PyPI...

EUVD-2022-48203

Malicious code in bioql PyPI...

EUVD-2022-48200

Malicious code in bioql PyPI...

CVE-2022-45306

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder...

CVE-2022-45307

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder...

CVE-2022-45305

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder...

CVE-2022-45304

Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder...

CVE-2022-45301

Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder...

Chocolatey Azure Pipelines Agent Privilege Design Vulnerability

Chocolatey can handle various types of installation packages.Azure Pipelines Agent Also known as Azure Pipelines Agent, it is mainly used to generate code or deploy software in the Devops process. A privilege design vulnerability exists in the Chocolatey Azure Pipelines Agent package v2.211.1 and...

Permission Design Vulnerability in Chocolatey Ruby

Chocolatey is a NuGet-based package manager developed for Windows systems.Ruby is a cross-platform, object-oriented, dynamically-typed programming language developed by the individual developer Yukihiro Matsumoto. A privilege design vulnerability exists in the Chocolatey Ruby package v3.1.2.1 and...

Chocolatey PHP Permission Design Vulnerability

PHP is a scripting language that executes on the server side. A privilege design vulnerability exists in the Chocolatey PHP package v8.1.12 and below, which originates from all users in the Authenticated users group having write access to the subfolder C:\tools\php81 and all files in that folder,...

chocolatey Python3 Permission Design Vulnerability

Python is an open source object-oriented programming language. A privilege design vulnerability exists in the Chocolatey Python3 package v3.11.0 and earlier versions, which originates from all users in the Authenticated users group having write access to the subfolder C:\Python311 and all files i...

Chocolatey Cmder has an unspecified vulnerability

Chocolatey Cmder is a package open sourced by Chocolatey. Chocolatey Cmder v1.3.20 and earlier versions contain a security vulnerability. An attacker could gain write access to the path C:\tools\Cmder and all files located in that folder for all users in the Authenticated Users group...

CVE-2022-45304

Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder...

CVE-2022-45305

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder...

CVE-2022-45307

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder...