EUVD-2022-4718

Malicious code in bioql PyPI...

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-0190 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-0190 Source advisory: SNYK:PYTHON-AIM-9510937...

SUSE CVE-2017-1000400

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/job-name/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and...

GHSA-P8X8-P473-MMMV Missing Authorization in Jenkins

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/job-name/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and...

ai.chronon:aggregator_2.11 (>=0.0.1 <=thread_contention-0.0.23-dev3), ai.chronon:aggregator_2.12 (>=0.0.6 <=thread_contention-0.0.23-dev3) +5720 more potentially affected by CVE-2019-17531 via com.fasterxml.jackson.core:jackson-databind (>=2.9.0 <=2.9.10)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.9.0, =0.0.1, =0.0.6, =0.0.1, =local, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.3-20200811-2e41939 - at.ac.ait:ariadne-json-route-format =1.0-java7 and more Source cves: CVE-2019-17531 Source advisory:...

Information disclosure

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/job-name/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and...