16030 matches found

vulnersOsv
added 2026/06/01 9:16 a.m., 3 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +162 more potentially affected by CVE-2026-45360 via apache-airflow (>=1.8.2 <=3.2.1rc3)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =1.6.0 and more Source cves: CVE-2026-45360 Source advisory: OSV:PYSEC-2026-186...

7.3 CVSS, 5.4 AI score, 0.00572 EPSS
Exploits: 0
vulnersOsv
added 2026/06/01 9:16 a.m., 4 views

acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.6.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +446 more potentially affected by CVE-2026-45426 via apache-airflow-core (>=3.0.0 <=3.2.2)

apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-45426 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17131317...

3.1 CVSS, 5.4 AI score, 0.00344 EPSS
Exploits: 0
NVD
added 2026/06/01 9:16 a.m., 13 views

CVE-2026-40963

The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1 CVSS, 0.00459 EPSS
Exploits: 0, References: 3
vulnersOsv
added 2026/06/01 8:24 a.m., 4 views

io.github.bkoehm:apacheds-embedded (>=0.5 <=0.6), org.apache.activemq.examples.broker:security-ldap (>=2.24.0 <=2.31.1) +68 more potentially affected by CVE-2026-35563 via org.apache.directory.api:api-ldap-client-api (>=2.0.0 <=2.1.7)

org.apache.directory.api:api-ldap-client-api MAVEN version =2.0.0, =0.5, =2.24.0, =0.1.0, =4.7.0, =2.3.0, =1.1.0, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0.AM25, =2.0.0.AM25, =2.0.0.AM27 and more Source cves: CVE-2026-35563 Source advisory:...

8.8 CVSS, 5.4 AI score, 0.00182 EPSS
Exploits: 0
vulnersOsv
added 2026/06/01 8:16 a.m., 2 views

acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.6.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +446 more potentially affected by CVE-2026-45192 via apache-airflow-task-sdk (>=1.0.0 <=1.2.2)

apache-airflow-task-sdk PYPI version =1.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-45192 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-17132596...

6.5 CVSS, 5.4 AI score, 0.0041 EPSS
Exploits: 0
OSSF Malicious Packages
added 2026/06/01 8:0 a.m., 10 views

Malicious code in @ownit/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/06/01 8:0 a.m., 9 views

Malicious code in @telenor-se/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/06/01 8:0 a.m., 10 views

Malicious code in @tse-digital/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits: 0
OSV
added 2026/06/01 8:0 a.m., 5 views

MAL-2026-5154 Malicious code in @customer-threesixty/assets (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits: 0
OSV
added 2026/06/01 8:0 a.m., 4 views

MAL-2026-5156 Malicious code in @telenor-se/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/06/01 8:0 a.m., 8 views

Malicious code in @customer-threesixty/assets (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits: 0
OSV
added 2026/06/01 8:0 a.m., 6 views

MAL-2026-5157 Malicious code in @tse-digital/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits: 0
OSV
added 2026/06/01 8:0 a.m., 5 views

MAL-2026-5155 Malicious code in @ownit/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits: 0
Cvelist
added 2026/06/01 7:54 a.m., 29 views

CVE-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data

The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

0.00459 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/01 7:54 a.m., 7 views

CVE-2026-40963

The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8 AI score, 0.00459 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2026/06/01 12:0 a.m., 9 views

PT-2026-45365

Name of the Vulnerable Software and Affected Versions: apache-airflow versions prior to 3.2.2. Description: The 'structure data' endpoint in the Airflow UI fails to verify if the caller has read permissions for linked DAGs (Directed Acyclic Graphs, which are collections of all the tasks you want to...

3.1 CVSS, 5.5 AI score, 0.00459 EPSS
Exploits: 0, References: 6
CNNVD
added 2026/06/01 12:0 a.m., 11 views

Apache Airflow security vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow. The...

3.1 CVSS, 5.3 AI score, 0.00459 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/06/01 12:0 a.m., 10 views

openSUSE 16 Security Update : python-pytest-html (openSUSE-SU-2026:20839-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20839-1 advisory. Changes in python-pytest-html: - CVE-2026-9277: shell-quote: improper escaping of newlines bsc1266254 Update the vendored shell-quote to 1.8.4 nodemodul...

9.2 CVSS, 5.8 AI score, 0.00552 EPSS
Exploits: 1, References: 3
Snyk
added 2026/05/31 9:0 p.m., 6 views

Malicious Package

Overview: @car-loans/deal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 2026/05/31 9:0 p.m., 5 views

Malicious Package

Overview: @cloudplatform-single-spa/secret-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2