8 matches found
EUVD-2025-6186
Malicious code in bioql PyPI...
CVE-2025-27510
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in...
Unsafe Dependency Resolution
Overview conda-forge-metadata is a programatic access to conda-forge's metadata Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to an unclaimed optional dependency. The package specifies an optional dependency on conda-oci-mirror, which is neither present on t...
CVE-2025-27510
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in...
CVE-2025-27510 RCE in the package conda-forge-metadata
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in...
CVE-2025-27510 RCE in the package conda-forge-metadata
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in...
CVE-2025-27510 RCE in the package conda-forge-metadata
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in...
CVE-2025-27510
CVE-2025-27510 concerns conda-forge-metadata which relies on an optional dependency, conda-oci-mirror, that was neither present on PyPI nor registered by any entity. If an attacker gains control of that dependency, it could enable remote code execution via the affected package’s metadata access. ...