55 matches found
CVE-2026-48995
A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to serve malicious software packages if the codeload.github.com server is compromised or a user's machine configuration is tampered with. The issue arises because pnpm does not verify the integrity of...
Resources Downloaded over Insecure Protocol
Overview Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Go Vulnerability Report: A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any...
EUVD-2022-28587
Malicious code in bioql PyPI...
EUVD-2022-52772
Malicious code in bioql PyPI...
EUVD-2023-29930
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-31156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies eith...
Linux Distros Unpatched Vulnerability : CVE-2023-26053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys...
Linux Distros Unpatched Vulnerability : CVE-2022-23630
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept ...
CVE-2020-5252
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
BIT-GRADLE-2022-23630 Dependency verification bypass in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...
BIT-GRADLE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...
BIT-GRADLE-2023-35946 Dependency cache path traversal in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
CVE-2022-31156
A flaw was found in Gradle, which allows a remote, authenticated attacker to bypass security restrictions caused by an issue of dependency verification. It can ignore checksum verification when signature verification cannot be performed. By sending a specially crafted request, an attacker can...
CVE-2023-35946
A flaw was found in Gradle that permits directory traversal in its evaluation of repository paths. This issue could allow a local attacker to overwrite a file in the dependency cache with malicious code. Mitigation Users unable to upgrade should use dependency verification to make this...
SUSE CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
DEBIAN-CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
UBUNTU-CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
CVE-2023-35946
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...
CVE-2023-35946 Dependency cache path traversal in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...