16019 matches found
ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-44345 via bentoml (>=0.10.1 <=1.4.3)
bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-44345 Source advisory: OSV:PYSEC-2026-189...
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-45357 via liquidjs (>=10.10.0 <=10.25.7)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-45357 Source advisory: OSV:GHSA-HH27-HF48-9F5Q...
bsky2llm (=0.1.0), downitall-android (=1.5.0) +14 more potentially affected by CVE-2026-44353 via streamlink (>=0.14.2 <=8.0.0)
streamlink PYPI version =0.14.2, =0.3.0, =0.0.1, =0.0.18, =1.0.0, =0.12.0, =0.1.14, =1.1.0, =0.0.1, =2.1.0, =3.4.0b2 - twitch-fapi-backend =0.1.0 and more Source cves: CVE-2026-44353 Source advisory: OSV:PYSEC-2026-180...
SUSE-SU-2026:2092-1 Security update for go1.26-openssl
This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-44645 via liquidjs (>=10.10.0 <=10.25.7)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44645 Source advisory: OSV:GHSA-8XX9-69P8-7JP3...
org.yamcs:distribution (>=4.7.1 <=5.12.6), org.yamcs:packet-viewer (>=4.10.3 <=5.12.6) +14 more potentially affected by CVE-2026-44632 via org.yamcs:yamcs-core (>=0.29.3 <=5.12.6)
org.yamcs:yamcs-core MAVEN version =0.29.3, =4.7.1, =4.10.3, =4.10.3, =5.10.0, =5.10.0, =3.4.0, =4.5.0, =0.1.0, =0.1, =4.5.0, =0.29.3, =1.0.0, =4.7, =4.10.3, =5.12.6 and more Source cves: CVE-2026-44632 Source advisory: OSV:GHSA-524G-X36V-9WM6...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the commitmutex in the netfilter reset path, leading to a circular lock dependency and...
@fedify/cli (>=2.2.0 <=2.2.3-dev.1098) potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.2.0 <=2.2.3-dev.1098)
@fedify/fedify NPM version =2.2.0, =2.2.0, =2.2.3-dev.1098 Source cves: CVE-2026-42462 Source advisory: OSV:GHSA-9RFG-V8G9-9367...
@fedify/cli (>=2.0.0 <=2.0.17) potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.0.0 <=2.0.17)
@fedify/fedify NPM version =2.0.0, =2.0.0, =2.0.17 Source cves: CVE-2026-42462 Source advisory: OSV:GHSA-9RFG-V8G9-9367...
@fedify/cli (>=2.0.0 <=2.0.17) potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.0.0 <=2.0.17)
@fedify/fedify NPM version =2.0.0, =2.0.0, =2.0.17 Source cves: CVE-2026-42462 Source advisory: SNYK:JS-FEDIFYFEDIFY-16895732...
@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.12) +6 more potentially affected by CVE-2026-42462 via @fedify/fedify (>=1.10.0 <=1.9.0-dev.1516)
@fedify/fedify NPM version =1.10.0, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2026-42462 Source advisory: SNYK:JS-FEDIFYFEDIFY-16895732...
433bf (=0.0.1), @aaqilniz/cli (=4.1.4) +554 more potentially affected by CVE-2026-42089 via yeoman-environment (>=2.9.5 <=6.0.0)
yeoman-environment NPM version =2.9.5, =4.2.0, =14.0.0, =1.0.0, =0.0.1, =1.0.0-beta.1, =1.0.0-beta.1, =0.0.5, =8.0.0, =8.3.0-pre.2022-06-22.sha-42703caf, =8.0.2, =1.0.0, =1.2.1-pre.2024-01-09.d13174d0, =2.1.0 and more Source cves: CVE-2026-42089 Source advisory: OSV:GHSA-VV9J-GJW2-J8WP...
Insecure Randomness
Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...
@typebot.io/react (=0.10.0) potentially affected by CVE-2026-39964 via @typebot.io/js (=0.10.0)
@typebot.io/js NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @typebot.io/js and may be impacted: - @typebot.io/react =0.10.0 Source cves: CVE-2026-39964 Source advisory: SNYK:JS-TYPEBOTIOJS-16895730...
@typebot.io/react (=0.10.0) potentially affected by CVE-2026-28445 via @typebot.io/js (=0.10.0)
@typebot.io/js NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @typebot.io/js and may be impacted: - @typebot.io/react =0.10.0 Source cves: CVE-2026-28445 Source advisory: OSV:GHSA-6M7C-XFHP-P9FH...
@typebot.io/react (=0.10.0) potentially affected by CVE-2026-28445 via @typebot.io/js (=0.10.0)
@typebot.io/js NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @typebot.io/js and may be impacted: - @typebot.io/react =0.10.0 Source cves: CVE-2026-28445 Source advisory: SNYK:JS-TYPEBOTIOJS-16895731...
MAL-2026-4822 Malicious code in loadtest-browser-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 934a61b207f82f8549de09139a73a80f47746bba1dacd21f657d34e6e542324e On npm install, the package's preinstall hook executes index.js, which collects host identifiers hostname, username, platform, arch, cwd, pid,...
MAL-2026-4825 Malicious code in cdktn-provider-newrelic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51996ccf23fd3d3b291f945e2ec88504c93d7e302e183c7633632b8a03d1590d Package name 'cdktn-provider-newrelic' is a single-character edit cdktf→cdktn of HashiCorp's official 'cdktf-provider-newrelic' CDK for Terraform...
CVE-2026-8479
CVE-2026-8479 affects IEC 60870-5-104 in bidirectional mode (BCI). The vulnerability is a NULL pointer dereference triggered by a specially crafted message sequence over time, leading to a Denial of Service. Affected product behavior occurs only if IEC 60870-5-104 bidirectional functionality is c...
MAL-2026-4808 Malicious code in wm-idp-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2acf2a0d94ec1d2bada80f3251f5ecbea64d78ffadcab2b997b9708c2ae71cd package.json declares "node-fetch": "https://registry.ctzbg.com/wm-idp-sdk/node-fetch" — a direct HTTPS tarball URL hosted on a domain...