MAL-2025-31782 Malicious code in react-fatigue-dev-boiler (npm)

The package react-fatigue-dev-boiler was found to contain malicious code...

MAL-2025-18174 Malicious code in deep-dev (npm)

The package deep-dev was found to contain malicious code...

MAL-2025-11145 Malicious code in @zalastax/nolb-dev- (npm)

The package @zalastax/nolb-dev- was found to contain malicious code...

MAL-2025-20307 Malicious code in fca-rqzax-dev (npm)

The package fca-rqzax-dev was found to contain malicious code...

Malicious code in @ginger-dev/create (npm)

The package @ginger-dev/create was found to contain malicious code...

MAL-2025-6933 Malicious code in guppy-dev (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b56a4d108a100f12dd3aedb0e1f0f3b8007ecc181e366198a22242473696f219 The OpenSSF Package Analysis project identified 'guppy-dev' @ 2.0.0 n...

Malicious code in guppy-dev (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b56a4d108a100f12dd3aedb0e1f0f3b8007ecc181e366198a22242473696f219 The OpenSSF Package Analysis project identified 'guppy-dev' @ 2.0.0 n...

AZL-66318 CVE-2025-55199 affecting package helm 3.14.2-10

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...

Allocation of Resources Without Limits or Throttling

Overview github.com/helm/helm/pkg/chartutil is a package manager for kubernetes. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processing of JSON Schema files containing $ref fields that point to device files such as /dev/zero. An...

Allocation of Resources Without Limits or Throttling

Overview helm.sh/helm/v3/pkg/chartutil is a package manager for kubernetes. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processing of JSON Schema files containing $ref fields that point to device files such as /dev/zero. An...

Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. Impact A malicious chart can point $ref in values.schema.json to a device e.g. /dev/ or other problem file which...

CVE-2025-55199 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...

CVE-2025-55199

CVE-2025-55199 (Helm) : Pre-3.18.5 Helm can craft a JSON Schema file that may cause Helm to consume all memory and terminate with an OOM. The issue is resolved in Helm 3.18.5. A workaround is to ensure loaded charts do not reference /dev/zero via $ref. Remediation: upgrade to Helm 3.18.5 or later...

PT-2025-33104

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.5 Description: Helm, a package manager for Kubernetes Charts, is susceptible to a denial-of-service issue. A crafted JSON Schema file can cause Helm to exhaust available memory, leading to an out-of-memory OOM...

Linux Distros Unpatched Vulnerability : CVE-2024-45440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that doe...

[SECURITY] Fedora 42 Update: toolbox-0.2-1.fc42

Toolbx is a tool for Linux, which allows the use of interactive command line environments for software development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI. Toolbx...

Linux Distros Unpatched Vulnerability : CVE-2025-38150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: afpacket: move notifier's packetdevmc out of rcu critical section Syzkaller reports the...

Linux Distros Unpatched Vulnerability : CVE-2025-37971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2dev Commit 42a2f6664e18 staging: vc04services...

Linux Distros Unpatched Vulnerability : CVE-2023-52868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thermal: core: prevent potential string overflow The dev-id value comes from idaalloc so it's a number between zero and INTMAX. If it's too high then these...

Linux Distros Unpatched Vulnerability : CVE-2021-47056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADFSTATUSPFRUNNING should be set after adfdevinit ADFSTATUSPFRUNNING is only...