935 matches found

OSV
added 2025/11/24 2:52 p.m. | 2 views

MAL-2025-190822 Malicious code in @quick-start-soft/quick-markdown-compose (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4390993c4dc5c3a55b6da923961e34a8fa5caa1f06de7f3ac1ce24dba811c018 The package @quick-start-soft/quick-markdown-compose was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0 | References: 4

GithubExploit
added 2025/11/22 1:13 a.m. | 136 views

lab-sqli-v1

🔐 SQL Injection Lab - From Beginner to Expert...

7.9 AI score
Exploits: 0

OSV
added 2025/11/13 10:15 p.m. | 2 views

AZL-70331 CVE-2025-47913 affecting package docker-compose for versions less than 2.27.0-6

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...

7.5 CVSS | 6.7 AI score | 0.00579 EPSS
Exploits: 1 | References: 1

OSV
added 2025/11/13 10:15 p.m. | 6 views

AZL-70322 CVE-2025-47913 affecting package moby-compose for versions less than 2.17.3-12

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...

7.5 CVSS | 6.7 AI score | 0.00579 EPSS
Exploits: 1 | References: 1

Redos
added 2025/11/13 12:0 a.m. | 5 views

ROS-20251113-08

A vulnerability in the Docker Compose multi-container application management tool is related to an incorrect restriction of the path name to a restricted directory. Exploitation of the vulnerability could allow an attacker acting remotely to overwrite an arbitrary file...

8.9 CVSS | 9.1 AI score | 0.13663 EPSS
Exploits: 0

GithubExploit
added 2025/11/07 6:44 p.m. | 150 views

Exploit for Improper Restriction of XML External Entity Reference in Jetbrains Ktor

CVE-2023-45612 PoC This repository contains a proof of concep...

9.8 CVSS | 6.9 AI score | 0.00595 EPSS
Exploits: 6

Tenable Nessus
added 2025/11/06 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990444)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990444 advisory. In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page...

5.5 CVSS | 6 AI score | 0.00208 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988771)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988771 advisory. In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page...

5.5 CVSS | 6 AI score | 0.00208 EPSS
Exploits: 0 | References: 4

Photon
added 2025/11/04 12:0 a.m. | 3 views

Important Photon OS Security Update - PHSA-2025-5.0-0667

Updates of 'docker-compose' packages of Photon OS have been released...

8.9 CVSS | 7.5 AI score | 0.13663 EPSS
Exploits: 0

OSV
added 2025/10/30 3:2 p.m. | 5 views

GO-2025-4077 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose

Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose...

8.9 CVSS | 7 AI score | 0.13663 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2025/10/29 12:23 a.m. | 1 view

SUSE CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

8.3 CVSS | 8.8 AI score | 0.13663 EPSS
Exploits: 0 | References: 7

Imperva Blog
added 2025/10/28 5:27 p.m. | 8 views

CVE-2025-62725: From “docker compose ps” to System Compromise

Docker Compose powers millions of workflows, from CI/CD runners and local development stacks to cloud workspaces and enterprise build pipelines. It’s trusted by developers as the friendly layer above Docker Engine that turns a few YAML lines into a running application. In early October 2025, whil...

8.9 CVSS | 7 AI score | 0.13663 EPSS
Exploits: 0

RedhatCVE
added 2025/10/28 5:32 a.m. | 6 views

CVE-2025-62725

Docker Compose is vulnerable to a path traversal flaw in how it handles OCI artifact layer annotations. When processing remote OCI compose artifacts, Compose trusts attacker-controlled annotation fields such as com.docker.compose.extends and com.docker.compose.envfile. This allows a crafted...

8.9 CVSS | 7.1 AI score | 0.13663 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2025/10/28 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-62725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or...

8.9 CVSS | 7.6 AI score | 0.13663 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2025/10/28 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-025aff9420)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 6.8 AI score | 0.0045 EPSS
Exploits: 3 | References: 6

NVD
added 2025/10/27 9:15 p.m. | 6 views

CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

8.9 CVSS | 0.13663 EPSS
Exploits: 0 | References: 2

OSV
added 2025/10/27 9:15 p.m. | 2 views

DEBIAN-CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

8.9 CVSS | 6.5 AI score | 0.13663 EPSS
Exploits: 0 | References: 1

OSV
added 2025/10/27 9:15 p.m. | 4 views

UBUNTU-CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

8.9 CVSS | 5.9 AI score | 0.13663 EPSS
Exploits: 0 | References: 4

Cvelist
added 2025/10/27 8:37 p.m. | 5 views

CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

8.9 CVSS | 0.13663 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/27 8:37 p.m. | 2 views

CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

8.9 CVSS | 6.3 AI score | 0.13663 EPSS
Exploits: 0 | References: 2