1634 matches found
GHSA-Q2HG-643C-GW8H Apache Airflow: RCE by race condition in example_xcom dag
The example example_xcom that was included in airflow documentation implemented an unsafe pattern of reading a value from xcom in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...
Malicious code in buildkite-test-collector-vitest-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 912ffea9e65720bd5b35e83949fe2f51e7ae71ac918133a5dd2c6d971b5947f4 The package buildkite-test-collector-vitest-example was found to contain malicious code...
MAL-2026-2736 Malicious code in buildkite-test-collector-vitest-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 912ffea9e65720bd5b35e83949fe2f51e7ae71ac918133a5dd2c6d971b5947f4 The package buildkite-test-collector-vitest-example was found to contain malicious code...
MAL-2026-2735 Malicious code in buildkite-test-collector-playwright-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9f3f80367ea53fbaf542c199729a13115d8d848157327188cf365303af1d1f3 The package buildkite-test-collector-playwright-example was found to contain malicious code...
Malicious code in buildkite-test-collector-playwright-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9f3f80367ea53fbaf542c199729a13115d8d848157327188cf365303af1d1f3 The package buildkite-test-collector-playwright-example was found to contain malicious code...
Malicious code in buildkite-test-collector-mocha-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37fbbae0cc3cfcba7b18566c1ab1f61417b1776206c3d0317956058c43ef61fa The package buildkite-test-collector-mocha-example was found to contain malicious code...
MAL-2026-2733 Malicious code in buildkite-test-collector-jest-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6fa2618170566c342534726ad9c855cf62ad98ee9b6e815e5324c5bc4779da2 The package buildkite-test-collector-jest-example was found to contain malicious code...
Malicious code in buildkite-test-collector-jest-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6fa2618170566c342534726ad9c855cf62ad98ee9b6e815e5324c5bc4779da2 The package buildkite-test-collector-jest-example was found to contain malicious code...
MAL-2026-2732 Malicious code in buildkite-test-collector-jasmine-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e8247a020880206aa9a5d4eb40d4b1f61cf39245356fd6e91db063d0c14b79 The package buildkite-test-collector-jasmine-example was found to contain malicious code...
Malicious code in buildkite-test-collector-jasmine-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e8247a020880206aa9a5d4eb40d4b1f61cf39245356fd6e91db063d0c14b79 The package buildkite-test-collector-jasmine-example was found to contain malicious code...
MAL-2026-2731 Malicious code in buildkite-test-collector-cypress-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c10094969be88bd9f1aa924abf89c5dc58dd70e107adf3c95a3f58c0ba86518 The package buildkite-test-collector-cypress-example was found to contain malicious code...
Malicious code in buildkite-test-collector-cypress-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c10094969be88bd9f1aa924abf89c5dc58dd70e107adf3c95a3f58c0ba86518 The package buildkite-test-collector-cypress-example was found to contain malicious code...
CVE-2025-54550
The example example_xcom that was included in airflow documentation implemented an unsafe pattern of reading a value from xcom in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...
CVE-2025-54550
The example example_xcom that was included in airflow documentation implemented an unsafe pattern of reading a value from xcom in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...
CVE-2025-54550 Apache Airflow: RCE by race condition in example_xcom dag
The example example_xcom that was included in airflow documentation implemented an unsafe pattern of reading a value from xcom in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...
CVE-2025-54550
Summary (CVE-2025-54550): The issue concerns the example_xcom in Airflow documentation that reads from XComs using an unsafe pattern. The root cause is a vulnerable read pattern that could allow a UI user with XCom modification access to cause arbitrary code execution on the worker. The document...
PT-2026-32992
Name of the Vulnerable Software and Affected Versions Apache Airflow affected versions not specified Description An example named 'example xcom' in the documentation implemented an unsafe pattern for reading values from XCom. This could allow a UI user with permissions to modify XComs to execute...
Apache Airflow security vulnerability
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...
GHSA-26WG-9XF2-Q495 Novu has a XSS sanitization bypass
Summary XSS sanitization is incomplete, some attributes are missing such as oncontentvisibilityautostatechange=. This allows for the email preview to render HTML that executes arbitrary JavaScript, Details Sanitization is implemented here:...
org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-39304 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)
org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-39304 Source advisory: OSV:GHSA-5568-6QCG-G7FX...