150 matches found
EUVD-2025-199059
Malicious code in parcel-plugin-asset-copier npm...
Malicious code in parcel-plugin-asset-copier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 344955077c61592ec46c29550b12878886b0b61f3a7c84e050d6d25756f60bf2 The package parcel-plugin-asset-copier was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190984 Malicious code in parcel-plugin-asset-copier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 344955077c61592ec46c29550b12878886b0b61f3a7c84e050d6d25756f60bf2 The package parcel-plugin-asset-copier was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-8432
Malicious code in bioql PyPI...
EUVD-2024-37525
Malicious code in bioql PyPI...
EUVD-2025-25132
Malicious code in bioql PyPI...
EUVD-2025-25131
Malicious code in bioql PyPI...
BIT-JUPYTERLAB-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...
ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
...
CVE-2025-55214
Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...
CVE-2025-55201
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...
5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.7.0) +163 more potentially affected by CVE-2025-55214 via copier (>=7.1.0 <=9.9.0)
copier PYPI version =7.1.0, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.3, =0.2.3, =0.2.3, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55214 Source advisory: OSV:GHSA-P7Q8-GRRJ-3M8W...
Copier's safe template has filesystem write access outside destination path
Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...
GHSA-P7Q8-GRRJ-3M8W Copier's safe template has filesystem write access outside destination path
Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...
Copier's safe template has arbitrary filesystem read/write access
Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...
5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.7.0) +167 more potentially affected by CVE-2025-55201 via copier (>=2.3.3 <=9.9.0)
copier PYPI version =2.3.3, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.3, =0.2.3, =0.2.3, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55201 Source advisory: OSV:GHSA-3XW7-V6CJ-5Q8H...
5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.7.0) +163 more potentially affected by CVE-2025-55214 via copier (>=7.1.0 <=9.9.0)
copier PYPI version =7.1.0, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.3, =0.2.3, =0.2.3, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55214 Source advisory: SNYK:PYTHON-COPIER-12009006...
Directory Traversal
Overview copier is an A library for rendering project templates. Affected versions of this package are vulnerable to Directory Traversal via the rendering process when generating a directory structure whose rendered path is either a relative parent path or an absolute path. An attacker can...
CVE-2025-55214
Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...