CVE-2025-55740

nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

CVE-2025-55740 Default Credentials in nginx-defender Configuration Files

nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

Malicious code in just-function-compose (npm)

The package just-function-compose was found to contain malicious code...

MAL-2025-24116 Malicious code in just-function-compose (npm)

The package just-function-compose was found to contain malicious code...

CVE-2025-54388 vulnerabilities

Vulnerabilities for packages: trivy-fips, spire-server-fips, trivy, apko, melange, opentelemetry-collector-fips, dagger, goreleaser, grype-fips, aws-otel-collector-fips, zot, buildkitd-fips, bootc-image-builder, docker-compose-fips, prometheus-fips, chainctl, prometheus, tw, docker-compose,...

Malicious code in winston-compose (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 981347a4b88ce00ab42b1a3f93b56d89cf28282070c617325e304221c6ce4882 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6004 Malicious code in winston-compose (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 981347a4b88ce00ab42b1a3f93b56d89cf28282070c617325e304221c6ce4882 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Fedora 43 : docker-compose (2025-025aff9420)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-025aff9420 advisory. Automatic update for docker-compose-2.36.1-1.fc43. Changelog Mon May 19 2025 Bradley G Smith - 2.36.1-1 - Update to release v2.36.1 - Resolves:...

DEBIAN-CVE-2025-38226

In the Linux kernel, the following vulnerability has been resolved: media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpgfillplanepattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 inline BUG: KASAN: vmalloc-out-of-bounds in...

Sensitive Information Disclosure

sentry-android is vulnerable to Sensitive Information Disclosure. The vulnerability is due to inadequate data masking of sensitive data appearing in Jetpack Compose text composables during Android session replays under specific configurations...

The vulnerability of the cifs_compose_mount_options() function in the fs/cifs/cifs_dfs_ref.c module of the Linux kernel file system allows a hacker to cause a service failure.

The vulnerability of the cifscomposemountoptions function in the fs/cifs/cifsdfsref.c module of the Linux file system support module is related to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the ComposeViewHierarchyNode object. An attacker can access unmasked sensitive data by reviewing Android session replays that include text composables. Note: This ...

sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+

Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...

GHSA-7CJH-XX4R-QH3F sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+

Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...

PT-2025-27499 · Maven · Io.Sentry:Sentry-Android +1

Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...

szluyu99 gin-vue-blog 安全漏洞

szluyu99 gin-vue-blog is a Golang full-stack blog by Zhenyu personal developer, supporting Docker Compose one-click deployment. Based on the latest front-end and back-end technology stack Vue3, TS, Unocs, Redis and so on. The front-end contains a blog post display front , blog background manageme...

SUSE-SU-2025:20385-1 Security update for docker-compose

This update for docker-compose fixes the following issues: Update to version 2.33.1: Improvements - Add support for gwpriority, enableipv4 requires docker v28.0 by @thaJeztah in 12570 Fixes - Run watch standalone if menu fails to start by @ndeloof in 12536 - Report error using non-file...

CVE-2025-47290 vulnerabilities

Vulnerabilities for packages: docker-compose, neuvector-scanner...

GHSA-CM76-QM8V-3J95 vulnerabilities

Vulnerabilities for packages: docker-compose, neuvector-scanner...

CVE-2025-47290 vulnerabilities

Vulnerabilities for packages: neuvector-fips, neuvector, neuvector-scanner, docker-compose-fips, docker-compose...