UBUNTU-CVE-2026-28684

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

EUVD-2025-175921

Malicious code in tool-dependencies-dotenv-library npm...

EUVD-2025-124258

Malicious code in nova-passport-hyperion-dotenv-safe npm...

EUVD-2025-114396

Malicious code in dotenv-parse-variables-convict-fusion-vuepress npm...

EUVD-2025-114392

Malicious code in dotenv-parse-variables-despina-helios-venus npm...

MAL-2025-18661 Malicious code in dotenv-lib (npm)

The package dotenv-lib was found to contain malicious code...

Fedora: Security Advisory for godotenv (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...