
67 matches found

vulnersOsv
added 2026/03/03 12:31 p.m. | 1 view

com.expediagroup.apiary:apiary-ranger-metastore-plugin (>=7.2.1 <=8.1.15), com.witboost.provisioning:scala-mesh-ranger_2.13 (=1.0.0) +67 more potentially affected by CVE-2025-59059 via org.apache.ranger:ranger-plugins-common (>=0.6.0 <=2.7.0)

org.apache.ranger:ranger-plugins-common MAVEN version =0.6.0, =7.2.1, =0.8.44-4, =0.18.0, =466, =0.6.0-incubating, =0.8.0-incubating, =1.6.0-incubating, =1.6.0-incubating, =0.3.0, =0.3.0, =1.1.0, =1.1.0, =2.0.0, =1.3.0, =2.0.0 and more. Source CVEs: CVE-2025-59059. Source advisory:...

CVSS 9.8 | AI score 5.8 | EPSS 0.00101
Exploits 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-0578

Malware in sbrugna...

CVSS 9.3 | AI score 9.1 | EPSS 0.00147
Exploits 1 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0290

Malware in sbrugna...

CVSS 8.8 | AI score 9.1 | EPSS 0.00652
Exploits 1 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-0042

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00317
Exploits 1 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-4566

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.01225
Exploits 1 | References 3

RedhatCVE
added 2025/05/22 3:10 p.m. | 5 views

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

CVSS 8.8 | AI score 7.3 | EPSS 0.01225
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 3:10 p.m. | 5 views

CVE-2020-7596

Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument...

CVSS 8.8 | AI score 7.5 | EPSS 0.01225
Exploits 1 | References 1

RedhatCVE
added 2025/02/05 2:47 p.m. | 5 views

CVE-2020-15123

In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...

CVSS 9.3 | AI score 7.4 | EPSS 0.00652
Exploits 2

SUSE Linux
added 2025/02/03 8:57 a.m. | 1 view

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update vendored crates (CVE-2024-43806, bsc1229952, bsc1230029): rustix 0.37.25, rustix 0.38.34, shlex 1.3.0. Update to version 0.2.6+13: Enable test functional/iak-idevid-persisted-and-protected; builddeps: bump uuid from 1.7.0 to 1.10.0; builddep...

CVSS 7.5 | AI score 7.7 | EPSS 0.00083
Exploits 0 | References 10

SUSE CVE
added 2023/02/15 4:13 a.m. | 1 view

SUSE CVE-2019-10800

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...

CVSS 6.5 | AI score 7 | EPSS 0.00317
Exploits 1 | References 4

Tenable Nessus
added 2023/01/20 12:0 a.m. | 16 views

openSUSE 15 Security Update : python-codecov (SUSE-SU-2022:2752-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2752-1 advisory. - This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen...

CVSS 6.5 | AI score 6.5 | EPSS 0.00317
Exploits 1 | References 4

Trellix
added 2022/09/21 12:0 a.m. | 35 views

Limiting the Software Supply Chain Attack Surface

By Trellix · September 21, 2022. This blog was written by Douglas McKee. We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone of course and run into a...

CVSS 9.8 | AI score 7.7 | EPSS 0.89361
Exploits 3

The Hacker News
added 2022/08/31 5:42 a.m. | 42 views

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is...

AI score 0.1
Exploits 0

OpenVAS
added 2022/08/11 12:0 a.m. | 10 views

openSUSE: Security Advisory for python-codecov (SUSE-SU-2022:2752-1)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00317
Exploits 1 | References 2

OSV
added 2022/08/10 11:35 a.m. | 6 views

SUSE-SU-2022:2752-1 Security update for python-codecov

This update for python-codecov fixes the following issues: - CVE-2019-10800: Fixed sanitization of gcov arguments before being provided to the popen method bsc1201494...

CVSS 6.5 | AI score 6.4 | EPSS 0.00317
Exploits 1 | References 3

Veracode
added 2022/07/14 4:7 a.m. | 20 views

Command Injection

codecov is vulnerable to command injection. The vulnerability exists due to the lack of sanitization in the gcov arguments in the main function of init.py, allowing an attacker to inject and execute malicious commands before being provided to the Popen functionality...

CVSS 6.5 | AI score 6.9 | EPSS 0.00317
Exploits 1 | References 3 | Affected Software 1

OSV
added 2022/07/14 12:0 a.m. | 12 views

GHSA-H3QR-FJHM-JPHW Codecov does not sanitize gcov arguments

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...

CVSS 7.1 | AI score 6.2 | EPSS 0.00317
Exploits 1 | References 6

Github Security Blog
added 2022/07/14 12:0 a.m. | 12 views

Codecov does not sanitize gcov arguments

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...

CVSS 6.5 | AI score 6.3 | EPSS 0.00317
Exploits 1 | References 5 | Affected Software 1

NVD
added 2022/07/13 12:15 p.m. | 8 views

CVE-2019-10800

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...

CVSS 6.5 | EPSS 0.00317
Exploits 1 | References 2

OSV
added 2022/07/13 12:15 p.m. | 12 views

CVE-2019-10800

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...

CVSS 6.5 | AI score 6.4
Exploits 0 | References 2