Malicious code in cdktn-provider-datadog (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29ce930466b101c48ae641d7e4ad57f3d5169b9f14b1e041e4264e75cbfd965b Package name cdktn-provider-datadog is a single-character variant f→n of HashiCorp's widely-used cdktf-provider-datadog CDKTF provider. README and...

MAL-2026-4824 Malicious code in cdktn-provider-datadog (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29ce930466b101c48ae641d7e4ad57f3d5169b9f14b1e041e4264e75cbfd965b Package name cdktn-provider-datadog is a single-character variant f→n of HashiCorp's widely-used cdktf-provider-datadog CDKTF provider. README and...

GHSA-MF9V-MFXR-J63J vulnerabilities

Vulnerabilities for packages: duplicity, dagster-fips, airflow, metaflow-service, dbt-core, datahub-ingestion-fips, opentelemetry-python-instrumentation, tritonserver-backend-vllm-cuda-12.9, pgadmin4, gitlab-cng-fips, superset, keep, jupyter-base-notebook, gitlab-cng, airflow-core, opal, semgrep,...

CVE-2026-44431 vulnerabilities

Vulnerabilities for packages: duplicity, dagster-fips, airflow, metaflow-service, dbt-core, datahub-ingestion-fips, opentelemetry-python-instrumentation, tritonserver-backend-vllm-cuda-12.9, pgadmin4, gitlab-cng-fips, superset, keep, jupyter-base-notebook, gitlab-cng, airflow-core, opal, semgrep,...

GHSA-QCCP-GFCP-XXVC vulnerabilities

Vulnerabilities for packages: duplicity, dagster-fips, airflow, metaflow-service, dbt-core, datahub-ingestion-fips, opentelemetry-python-instrumentation, tritonserver-backend-vllm-cuda-12.9, pgadmin4, gitlab-cng-fips, superset, keep, jupyter-base-notebook, gitlab-cng, airflow-core, opal, semgrep,...

CVE-2026-44432 vulnerabilities

Vulnerabilities for packages: duplicity, dagster-fips, airflow, metaflow-service, dbt-core, datahub-ingestion-fips, opentelemetry-python-instrumentation, tritonserver-backend-vllm-cuda-12.9, pgadmin4, gitlab-cng-fips, superset, keep, jupyter-base-notebook, gitlab-cng, airflow-core, opal, semgrep,...

GHSA-R374-RXX8-8654 vulnerabilities

Vulnerabilities for packages: py3-paramiko, datadog-agent, superset, airflow...

CVE-2026-44405 vulnerabilities

Vulnerabilities for packages: py3-paramiko, datadog-agent, superset, airflow...

CVE-2026-44405 vulnerabilities

Vulnerabilities for packages: duplicity, keep, datadog-agent, airflow, pgadmin4, py3-paramiko, keep-fips, nemo, datadog-agent-fips, superset...

GHSA-R374-RXX8-8654 vulnerabilities

Vulnerabilities for packages: duplicity, keep, datadog-agent, airflow, pgadmin4, py3-paramiko, keep-fips, nemo, datadog-agent-fips, superset...

GHSA-VFMQ-68HX-4JFW vulnerabilities

Vulnerabilities for packages: open-webui, datadog-agent, airflow, kubeflow-pipelines-visualization-server...

CVE-2026-41066 vulnerabilities

Vulnerabilities for packages: open-webui, datadog-agent, airflow, kubeflow-pipelines-visualization-server...

CVE-2026-32282 vulnerabilities

Vulnerabilities for packages: karpenter, keda, telegraf, cilium-envoy, cloud-provider-aws, dask-gateway, nerdctl, ingress-nginx-controller, newrelic-fluent-bit-output, datadog-agent, argo-cd, external-secrets-operator, knative-operator, grafana, kyverno, kube-arangodb, kine, falco-no-driver,...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: flannel, slsa-verifier, vexctl, vault-benchmark, docker-machine-driver-harvester, xeol, argo-rollouts, cue, kubescape-operator, aws-node-termination-handler, crossplane-provider-azure-authorization, ingress-nginx-controller, cluster-api-provider-vsphere,...

GHSA-6JWV-W5XF-7J27 vulnerabilities

Vulnerabilities for packages: loki, kine, fuse-overlayfs-snapshotter, zot, mattermost, k3s, datadog-agent, containerd, grafana...

CVE-2026-33817 vulnerabilities

Vulnerabilities for packages: loki, kine, fuse-overlayfs-snapshotter, zot, mattermost, k3s, datadog-agent, containerd, grafana...

Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

CVE-2026-32285 vulnerabilities

Vulnerabilities for packages: mcp-grafana, terraform-mcp-server, redpanda, grafana-alloy, opentelemetry-collector, datadog-agent, weaviate, k8sgpt, maru, grafana, vcluster, minio, goreleaser, eksctl, rclone, k3s, lazygit, nfpm, nuclei, prometheus, dgraph, gitlab-runner,...

Linux Distros Unpatched Vulnerability : CVE-2025-12697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowe...