@kimuson/claude-code-viewer (>=0.4.2 <=0.5.9), @netlify/agent-runner-cli (>=1.31.0 <=1.57.0) +12 more potentially affected by CVE-2026-25723 via @anthropic-ai/claude-code (>=2.0.0 <=2.0.51)

@anthropic-ai/claude-code NPM version =2.0.0, =0.4.2, =1.31.0, =0.0.1-rc.1, =0.5.2, =1.1.43, =0.0.0, =0.1.2, =0.11.1, =0.11.0, =1.0.0, =0.10.2, =0.11.2, =0.13.3 Source cves: CVE-2026-25723 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15248308...

GO-2026-4368 Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea

Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea...

MAL-2026-610 Malicious code in snapshot-date (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e86008d35e5f11e68c465940563127cdc9ba1d4b2963f092914bf8e9ce2587b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-150960 Malicious code in @miptaa02/tad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0da562f888890c32cb642d6a9a3c9d19be471f3d60c1909b01618dd762277e2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hadi-toge94-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a025c41260da13011690b0680c83490a298b704e7d4aeef6807e54a6ca5867d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-70783 Malicious code in splendid-turquoise-parakeet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34336e1108c9712698d0ab35343583f522678858db27ff6992ab9a346459ed3e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-18246 Malicious code in delta-romeo-gqct (npm)

The package delta-romeo-gqct was found to contain malicious code...

MAL-2025-12388 Malicious code in @zalastax/nolb-miniw (npm)

The package @zalastax/nolb-miniw was found to contain malicious code...

CLSA-2025-1748639500 php: Fix of 3 CVEs

CVE-2025-1217: fix handling of folded headers by the http stream parser - CVE-2025-1734: fix validation of http headers with missing colon - CVE-2025-1861: fix incorrect http redirect location truncation...

OESA-2022-1977 bcel security update

The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Security Fixes: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue whe...

Medialize URI.js Input Validation Error Vulnerability (CNVD-2022-23491)

Medialize URI.js is a Javascript-based code library from the Medialize team that can be used to efficiently stitch together URLs. Medialize URI.js is vulnerable to an input validation error that originates from opening redirects in medialize/uri.js. No detailed vulnerability details are available...

scratch-svg-renderer cross-site scripting vulnerability

scratch-svg-renderer is a code library used by the Scratch team to convert SVG to DOM elements. scratch-Svg-Renderer suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in WEB applications, which can be exploited to execute client-si...

PDF2JSON code problem vulnerability

PDF2JSON is a Java-based code library that allows PDF files to interact with Json files. PDF2JSON has a code problem vulnerability that stems from the discovery that pdf2json v0.71 contains a null pointer dereference in the component ObjectStream::getObject. No detailed vulnerability details are...

AviatorScript 注入漏洞

AviatorScript is a high-performance, lightweight scripting language hosted on top of Jvm. An injection vulnerability exists in AviatorScript 5.2.7 that allows code execution via expressions encoded using the Byte Code Engineering Library BCEL...

Security Bulletin: IBM Security Identity Manager deprecated Self Service UI contains Struts V1 (CVE-2016-1182)

Summary IBM Security Identity Manager made code changes to remove the deprecated function and its related Struts V1 code library. Vulnerability Details CVEID: CVE-2016-1182 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly...

Modesty Pdf2json resource management error vulnerability

Modesty Pdf2json is Modesty's personal developer of a Java-based code library that interacts PDF files with Json files. PDF2JSON version 0.70 has a security vulnerability that stems from an issue found in the function DCTStream::transformDataUnit, which could be used by an attacker to cause a...

Modesty Pdf2json code issue vulnerability

Modesty Pdf2json is a Java-based code library from Modesty's personal developer that allows PDF files to interact with Json files. PDF2JSON version 0.70 has a security vulnerability that stems from an issue found in the function DCTStream::getChar, which could be used by an attacker to cause a...

LIVE555 Streaming Media has an unspecified vulnerability

LIVE555 Streaming Media is an application from LIVE555 USA, Inc. a standards-based RTP/RTCP/RTSP/SIP multimedia streaming source code library for embedded and/or low-cost streaming applications.A security vulnerability exists in versions prior to LIVE555 Streaming Media 2021.3.16, which stems fro...

Moderate: Red Hat Security Advisory: gd security update

An update for gd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

PHPLib Team PHPLIB 7.2 - Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3079/info The PHP Base Library'PHPLIB' is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility...