162 matches found
Malicious code in @pa-client/power-code-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60c9037c2e5ca709c20fd2beb65a40e9649cbc3735c1989647ba5aae2889672d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
com.azavea.geotrellis:geotrellis-server-core_2.11 (>=4.0.1 <=4.2.0), com.azavea.geotrellis:geotrellis-server-ogc_2.11 (>=4.0.1 <=4.2.0) +145 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=1.0.0-M1 <=1.1.0-M1)
co.fs2:fs2-io2.11 MAVEN version =1.0.0-M1, =4.0.1, =4.0.1, =4.0.1, =0.4.0, =0.4.0, =5.0.0, =2.0.0, =1.1.0, =1.0-M1, =0.10.0, =0.11.0, =0.1.0, =0.0.3, =0.0.3, =0.0.8 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...
Malicious code in html-webpack-plugin-babel-express-inquirer (npm)
The package html-webpack-plugin-babel-express-inquirer was found to contain malicious code...
Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow
...
Linux Distros Unpatched Vulnerability : CVE-2019-10753
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse- cdt, and all versions prior to version 3.0.1 for...
change-object (=0.0.0), cli-qa (=2.0.0) +7 more potentially affected by unknown CVE via run-serially (=0.0.0)
run-serially NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on run-serially and may be impacted: - change-object =0.0.0 - cli-qa =2.0.0 - comma-list =0.0.0 - fd-select =1.0.0 - frp-tick =1.0.0 - innkeeper =1.0.4 - limited-parallel-loop...
app.cash.lilbitcoinj:lilbitcoinj-core (>=0.0.2 <=0.0.3), app.cash.lninvoice:ln-invoice (>=0.0.1 <=0.0.6) +1309 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-jdk15to18 (>=1.63 <=1.77)
org.bouncycastle:bcprov-jdk15to18 MAVEN version =1.63, =0.0.2, =0.0.1, =0.2.9, =0.1.0, =0.2.1, =0.2.0, =1.0.0, =1.0.1, =0.2.0, =0.2.0, =1.0.0.RELEASE, =1.0.0, =1.0.0.RELEASE, =2.7.0 and more Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11777845...
africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0) +5879 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.0.0 <=1.2.7)
io.projectreactor.netty:reactor-netty-http MAVEN version =1.0.0, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1...
be.atbash.test:integration-testing (=2.2.0), be.atbash.test:integration-testing-database (=2.2.0) +641 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=4.0.0 <=4.0.6)
org.apache.cxf:cxf-core MAVEN version =4.0.0, =1.0.0, =12.1-7-21, =0.0.1, =2.70.0, =2.71.1 - com.codbex.kronos:codbex-kronos-commons =2.70.0 - com.codbex.kronos:codbex-kronos-components-api-parent =2.69.0 - com.codbex.kronos:codbex-kronos-components-engine-xsjob =2.69.0 and more Source cves:...
PT-2025-29518 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A SQL Injection vulnerability exists that allows the execution of arbitrary SQL commands,...
ai.chronon:flink_2.12 (>=0.0.62 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:online_2.11 (>=0.0.25 <=revert-391-thread-0.0.24) +5770 more potentially affected by CVE-2025-27819 via org.apache.kafka:kafka-clients (>=2.0.0 <=3.9.0)
org.apache.kafka:kafka-clients MAVEN version =2.0.0, =0.0.62, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.86, =0.0.1, =0.0.1, =thread-pool-0.0.24-dev, =0.0.6, =1.0.6, =1.0.6, =0.0.2, =0.3.0 and more Source cves: CVE-2025-27819 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-10350513...
com.erudika:para-jar (>=1.30.0 <=1.50.7), com.erudika:para-war (>=1.24.4 <=1.49.5) potentially affected by CVE-2025-49009 via com.erudika:para-server (>=1.24.4 <=1.50.7)
com.erudika:para-server MAVEN version =1.24.4, =1.30.0, =1.24.4, =1.49.5 Source cves: CVE-2025-49009 Source advisory: OSV:GHSA-QX7G-FX8Q-545G...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25918 more potentially affected by CVE-2025-4287 via torch (>=1.0.0 <=2.9.1)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-4287 Source advisory: SNYK:PYTHON-TORCH-10332643...
cbtham-feast-az-provider (=0.2.299), elemeno-ai-sdk (>=0.0.5 <=0.6.11) +26 more potentially affected by CVE-2024-11602 via feast (>=0.14.1 <=0.9.9)
feast PYPI version =0.14.1, =0.0.5, =0.0.1, =0.1.0, =0.1.0, =0.3.0, =0.1.1, =0.1.0, =0.0.2, =1.0.0, =1.0.0, =0.1.0, =0.4.0rc1 - mlops-ods =0.1.202406281646 and more Source cves: CVE-2024-11602 Source advisory: SNYK:PYTHON-FEAST-9510933...
Malicious code in bprinter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 60e98383c92d7a5641f3cf793495e55df40673a30bc462affc499d56cdd47e56 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...
date-a-scientist (>=0.1.18 <=0.1.19) potentially affected by CVE-2024-12366 via pandasai (=2.3.0)
pandasai PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on pandasai and may be impacted: - date-a-scientist =0.1.18, =0.1.19 Source cves: CVE-2024-12366 Source advisory: SNYK:PYTHON-PANDASAI-8715593...
ai.ancf.lmos:arc-runner (>=0.1.1 <=0.120.0), ai.bizone:json-transform (>=1.0.0 <=1.16.0) +5216 more potentially affected by CVE-2023-1370 +1 more via net.minidev:json-smart (>=2.5.0 <=2.5.1)
net.minidev:json-smart MAVEN version =2.5.0, =0.1.1, =1.0.0, =0.6.0, =0.5.0, =0.7.0, =3.10.0.5, =0.5.0, =0.1.0, =1.5.3.RELEASE, =1.5.4.RELEASE, =1.5.4.RELEASE, =2.0.0, =1.3.3, =1.4.0 and more Source cves: CVE-2023-1370, CVE-2024-57699 Source advisory: SNYK:JAVA-NETMINIDEV-8689573...
1game-texas-holdem (>=1.2.0 <=1.11.1), @1studio/ui (>=1.0.0-beta.1 <=3.9.0) +995 more potentially affected by CVE-2020-26308 via validate.js (>=0.10.0 <=0.13.1)
validate.js NPM version =0.10.0, =1.2.0, =1.0.0-beta.1, =5.0.1, =0.1.0, =1.0.6, =3.3.20, =2.0.0-alpha.1, =0.3.9, =1.3.0, =1.2.1, =0.3.12, =1.3.12, =0.1.1, =0.1.26 and more Source cves: CVE-2020-26308 Source advisory: OSV:GHSA-RV73-9C8W-JP4C...
0-1-project (=0.0.1), 0.8.18-p11 (=0.8.18-p12) +60844 more potentially affected by CVE-2024-9506 via vue (>=2.0.0-beta.1 <=2.7.9)
vue NPM version =2.0.0-beta.1, =1.0.0, =0.0.1, =1.0.0, =0.1.0, =1.1.0, =1.2.3 - 11260plugin-plm =0.1.0 and more Source cves: CVE-2024-9506 Source advisory: OSV:GHSA-5J4C-8P2G-V4JX...
ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.34), au.com.dius.pact:au.com.dius.pact.gradle.plugin (>=2.1.1 <=2.1.12) +2259 more potentially affected by CVE-2024-47855 via net.sf.json-lib:json-lib (>=0.7.1 <=2.4)
net.sf.json-lib:json-lib MAVEN version =0.7.1, =0.0.20, =2.1.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.20 and more Source cves: CVE-2024-47855 Source advisory: OSV:GHSA-WWCP-26WC-3FXM...