auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-35195 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-35195 Source advisory: OSV:GHSA-394W-HWHG-8VGM...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-34944 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34944 Source advisory: OSV:GHSA-QQFJ-4VCM-26HV...

Malicious code in braintree-dropin (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 975d9545344189dda20be0c6790c2deebbd8fbf1d3b992641dea6f1044521436 Any computer that has this package installed or running should be considered...

MAL-2025-5242 Malicious code in braintree-dropin (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 975d9545344189dda20be0c6790c2deebbd8fbf1d3b992641dea6f1044521436 Any computer that has this package installed or running should be considered...

Malicious code in dc-comments-beta-dropin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9b940d69d756e252cedb90472d991e301153623e4118e99320cf87b299b68d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3234 Malicious code in dc-comments-beta-dropin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9b940d69d756e252cedb90472d991e301153623e4118e99320cf87b299b68d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in dc-genai-dropin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4921314e7e97ba500355f996a14c9619cadf54912d2dfdbe5eb22750a5e5c1c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

NetworkManager security update

1.48.10-5.0.3 - Drop 777 permissions from the NetworkManager-dispatcher drop-in directory Orabug: 37581907 1.48.10-5.0.2 - Add a dropin file to make Networkmanager-dispatcher persistent Orabug: 36989910...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2024-51745 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2024-51745 Source advisory: OSV:RUSTSEC-2024-0438...

@glarus-labs/vendure-social-auth (>=0.0.1 <=0.1.1), @mirahi/vendure-adyen-dropin-plugin (>=0.0.1 <=0.0.5) +1 more potentially affected by unknown CVE via @vendure/core (>=0.11.1 <=1.9.6)

@vendure/core NPM version =0.11.1, =0.0.1, =0.0.1, =0.0.5 - @zifahm/vendure-social-auth =0.1.2 Source cves: unknown CVE Source advisory: OSV:GHSA-H9WQ-XCQX-MQXM...