EUVD-2025-14756

Malicious code in bioql PyPI...

CVE-2025-31484

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

CVE-2025-31484

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

infrastructure 访问控制错误漏洞

infrastructure is an open source library from conda-forge. An access control error vulnerability exists in infrastructure versions 2025-02-10 through 2025-04-01, which stems from the use of an incorrect Azure cf-staging access token, which could lead to bypassing the upload process...