@snyk/snyk-cocoapods-plugin (=2.6.0), snyk-docker-plugin (>=8.0.0 <=8.4.0) potentially affected by CVE-2026-32094 via shescape (=2.1.0)
shescape NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on shescape and may be impacted: - @snyk/snyk-cocoapods-plugin =2.6.0 - snyk-docker-plugin >=8.0.0, <=8.4.0 Source cves: CVE-2026-32094 Source advisory: SNYK:JS-SHESCAPE-15467452...
Supply Chain Insecurity: Exposing Vulnerabilities in iOS Dependency Management Systems
Dependency management systems are a critical component in software development, enabling projects to incorporate existing functionality efficiently. However, misconfigurations and malicious actors in these systems pose severe security risks, leading to supply chain attacks. Despite the widespread...
MAL-2025-192904 Malicious code in cocoapod (RubyGems)
EUVD-2024-37282
Malicious code in bioql PyPI...
EUVD-2022-1661
Malicious code in bioql PyPI...
EUVD-2022-1732
Malicious code in bioql PyPI...
EUVD-2024-37281
Malicious code in bioql PyPI...
MAL-2025-1555 Malicious code in luno-cocoapods (RubyGems)
Source: ossf-package-analysis 9bb59e6b577e1a28cf71bf254ef70a0641db3319c1985827f792edb51ea14493 The OpenSSF Package Analysis project identified 'luno-cocoapods' @ 2.8.0 rubygems as malicious. It is considered malicious because: - The packag...
CVE-2024-38366
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used an RFC-822 library which executes a shell command to validate the email domain's MX records. It works via a DNS MX...
CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
CVE-2024-38368
CVE-2024-38368 concerns a CocoaPods trunk authentication server vulnerability in which unclaimed pods could be claimed, or all owners removed, enabling takeover of pods migrated from the pre-2014 workflow to trunk. The issue stems from how ownership was managed on CocoaPods’ trunk server...
CVE-2024-38367 CocoaPods trunk sessions verification step could be manipulated for owner session hijacking
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking. Compromising a victim’s session will result in a full takeover of...
CVE-2024-38366
CVE-2024-38366 affects CocoaPods Trunk Server (trunk.cocoapods.org). The flaw stems from the email signup MX verification using an RFC-822 library which executes the host command to validate MX records, enabling remote code execution on the Trunk server. The underlying risk is that an attacker co...
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership...
PT-2024-5208
Name of the Vulnerable Software and Affected Versions: CocoaPods affected versions not specified Description: The issue is related to the CocoaPods dependency manager, specifically affecting older pods that migrated from the pre-2014 pull request workflow to trunk. If a pod had never been claimed...