Lucene search

44 matches found

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-17112 Malicious code in cli-plugin-graphql (npm)

The package cli-plugin-graphql was found to contain malicious code...

7.2 AI score
Exploits: 0
Veracode
added 2025/06/10 6:6 a.m., 2 views

Regular Expression Denial Of Service (ReDoS)

@vue/cli-plugin-pwa is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to unsafe regex handling in the HtmlPwaPlugin component of the Markdown code handler, which can be exploited remotely to degrade performance...

7.5 CVSS, 4.6 AI score, 0.00635 EPSS
Exploits: 1, References: 5, Affected Software: 1
vulnersOsv
added 2025/06/09 9:30 p.m., 5 views

@axeridev/flux-ui (>=0.0.7 <=0.4.3), @bpui/build-cli (=0.0.1) +21 more potentially affected by CVE-2025-5897 via @vue/cli-plugin-pwa (>=3.12.1 <=5.0.8)

@vue/cli-plugin-pwa NPM version =3.12.1, =0.0.7, =0.0.6, =0.0.14, =7.0.0-beta.3, =0.12.0-alpha.0, =0.1.2, =0.1.5, =0.1.5, =0.1.2, =7.0.0-beta.3, =2.0.0, =2.3.8 and more Source cves: CVE-2025-5897 Source advisory: OSV:GHSA-79VF-HF9F-J9Q8...

7.5 CVSS, 5.8 AI score, 0.00635 EPSS
Exploits: 1
Redos
added 2025/05/15 12:0 a.m., 50 views

ROS-20250515-04

The vulnerability of the docker CLI plugin that extends Buildx build capabilities is related to the fact that the software stores sensitive information in log files. Exploiting the vulnerability could allow an attacker to gain access to sensitiv...

4.1 CVSS, 6.2 AI score, 0.00059 EPSS
Exploits: 0
NVD
added 2025/03/17 8:15 p.m., 10 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1 CVSS, 0.00059 EPSS
Exploits: 0, References: 1
OSV
added 2025/03/17 8:15 p.m., 8 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1 CVSS, 6.3 AI score
Exploits: 0, References: 1
Cvelist
added 2025/03/17 7:21 p.m., 10 views

CVE-2025-0495 Secrets leakage to telemetry endpoint via cache backend configuration via buildx

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1 CVSS, 0.00059 EPSS
Exploits: 0, References: 1
CVE
added 2025/03/17 7:21 p.m., 1138 views

CVE-2025-0495

CVE-2025-0495 affects docker-buildx/moby-buildx (Buildx) where credentials set as attribute values in cache-to/cache-from can be captured by OpenTelemetry traces and BuildKit history. Exploitation status is not detailed in the provided sources. The vulnerability does not apply to secrets passed v...

4.1 CVSS, 7 AI score, 0.00059 EPSS
Exploits: 0, References: 1
OSV
added 2024/12/17 6:2 a.m., 11 views

MAL-2024-11893 Malicious code in vue-cli-plugin-lint-staged (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb4c725718310cb969ec6171fad585bea2b58fc7d4460be6b706cb8529356d7a The OpenSSF Package Analysis project identified 'vue-cli-plugin-lint-staged' @ 9.9.7 npm as malicious. It is considered malicious because: - The...

7.3 AI score
Exploits: 0
OSSF Malicious Packages
added 2024/12/17 6:2 a.m., 5 views

Malicious code in vue-cli-plugin-lint-staged (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb4c725718310cb969ec6171fad585bea2b58fc7d4460be6b706cb8529356d7a The OpenSSF Package Analysis project identified 'vue-cli-plugin-lint-staged' @ 9.9.7 npm as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits: 0
OSSF Malicious Packages
added 2024/12/09 6:15 a.m., 4 views

Malicious code in vue-cli-plugin-changelog (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0
OSV
added 2024/12/09 6:15 a.m., 4 views

MAL-2024-11486 Malicious code in vue-cli-plugin-changelog (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0
OSSF Malicious Packages
added 2024/06/25 1:49 p.m., 6 views

Malicious code in bosh-cli_plugin_redis (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0, References: 1
OpenVAS
added 2022/07/31 12:0 a.m., 5 views

Fedora: Security Advisory for golang-k8s-sample-cli-plugin (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2
Fedora
added 2022/07/30 2:0 a.m., 14 views

[SECURITY] Fedora 36 Update: golang-k8s-sample-cli-plugin-1.22.0-5.fc36

This package implements a single kubectl plugin for switching the namespace that the current KUBECONFIG context points to. In order to remain as indestructive as possible, no existing contexts are modified...

7.2 AI score
Exploits: 0
OpenVAS
added 2022/07/18 12:0 a.m., 23 views

Fedora: Security Advisory for golang-k8s-sample-cli-plugin (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS, 9.1 AI score, 0.00963 EPSS
Exploits: 1, References: 2
Fedora
added 2022/07/17 1:16 a.m., 20 views

[SECURITY] Fedora 35 Update: golang-k8s-sample-cli-plugin-1.22.0-2.fc35

This package implements a single kubectl plugin for switching the namespace that the current KUBECONFIG context points to. In order to remain as indestructive as possible, no existing contexts are modified...

9.3 CVSS, 8.3 AI score, 0.00963 EPSS
Exploits: 3
OpenVAS
added 2022/07/06 12:0 a.m., 13 views

Fedora: Security Advisory for golang-k8s-sample-cli-plugin (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS, 8.9 AI score, 0.00963 EPSS
Exploits: 4, References: 2
Github Security Blog
added 2021/06/16 5:11 p.m., 43 views

Missing Authorization in Jenkins Kubernetes CLI Plugin

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3 CVSS, 4.9 AI score, 0.00432 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2021/06/10 2:25 p.m., 108 views

CVE-2021-21661

CVE-2021-21661 affects Jenkins Kubernetes CLI Plugin 1.10.0 and earlier. Several HTTP endpoints lack permission checks, enabling attackers with Overall/Read to enumerate credentials IDs stored in Jenkins. The Connected documents provide this vulnerability description and references but do not inc...

4.3 CVSS, 4.8 AI score, 0.00432 EPSS
Exploits: 0, References: 2, Affected Software: 1