@powersync/cli-core (>=0.0.0-dev-20260305082615 <=0.9.2), @powersync/cli-plugin-config-edit (>=0.0.0-dev-20260305082615 <=0.9.2) +19 more potentially affected by CVE-2026-30870 via @powersync/service-sync-rules (=0.32.0)

@powersync/service-sync-rules NPM version =0.32.0 is affected by a known vulnerability. The following packages have a transitive dependency on @powersync/service-sync-rules and may be impacted: - @powersync/cli-core =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615,...

PT-2025-50977

Name of the Vulnerable Software and Affected Versions Lightning Flow Scanner versions 6.10.5 and below Description Lightning Flow Scanner, a CLI plugin, VS Code Extension, and GitHub Action for Salesforce Flow analysis and optimization, is affected by an issue where maliciously crafted flow...

[SECURITY] Fedora 41 Update: docker-buildx-0.30.1-1.fc41

Docker CLI plugin for extended build capabilities with BuildKit...

[SECURITY] Fedora 42 Update: docker-buildx-0.30.1-1.fc42

Docker CLI plugin for extended build capabilities with BuildKit...

CVE-2025-64140

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands...

EUVD-2025-36658

Jenkins Azure CLI Plugin does not restrict the commands it executes...

CVE-2025-64140

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands...

CVE-2025-64140

CVE-2025-64140 concerns Jenkins Azure CLI Plugin versions 0.9 and earlier. The root cause is that the plugin does not restrict which commands it can execute on the Jenkins controller, enabling an attacker with Item/Configure permission to run arbitrary shell commands. Reported impacts include ful...

PT-2025-44289

Name of the Vulnerable Software and Affected Versions Jenkins Azure CLI Plugin versions 0.9 and earlier Description The Jenkins Azure CLI Plugin does not restrict the commands it executes on the Jenkins controller. This allows attackers with Item/Configure permission to execute arbitrary shell...

[SECURITY] Fedora 41 Update: docker-buildx-0.29.1-1.fc41

Docker CLI plugin for extended build capabilities with BuildKit...

@adobe/aio-cli (>=7.0.0 <=8.3.0), @adobe/aio-cli-plugin-app (>=7.0.0 <=8.6.1) +31 more potentially affected by CVE-2025-56648 via @parcel/reporter-dev-server (>=2.0.0-beta.1 <=2.16.3)

@parcel/reporter-dev-server NPM version =2.0.0-beta.1, =7.0.0, =7.0.0, =1.0.0, =5.0.0, =2.3.0, =3.3.6, =2.1.0, =1.0.0-alpha.27, =2.0.0, =2.0.0, =0.0.2, =0.0.2, =2.0.0-beta.1, =2.13.4-canary.3389, =2.13.4-canary.3403 and more Source cves: CVE-2025-56648 Source advisory: OSV:GHSA-QM9P-F9J5-W83W...

[SECURITY] Fedora 41 Update: docker-buildx-0.27.0-1.fc41

Docker CLI plugin for extended build capabilities with BuildKit...

Malicious code in cli-plugin-graphiql (npm)

The package cli-plugin-graphiql was found to contain malicious code...

Malicious code in cli-plugin-script (npm)

The package cli-plugin-script was found to contain malicious code...

MAL-2025-17114 Malicious code in cli-plugin-ngrok (npm)

The package cli-plugin-ngrok was found to contain malicious code...

MAL-2025-17115 Malicious code in cli-plugin-script (npm)

The package cli-plugin-script was found to contain malicious code...

Malicious code in cli-plugin-ngrok (npm)

The package cli-plugin-ngrok was found to contain malicious code...

Malicious code in cli-plugin-graphql (npm)

The package cli-plugin-graphql was found to contain malicious code...

Malicious code in cli-plugin-migrate (npm)

The package cli-plugin-migrate was found to contain malicious code...

MAL-2025-17111 Malicious code in cli-plugin-graphiql (npm)

The package cli-plugin-graphiql was found to contain malicious code...