PYSEC-2025-79
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
Malicious code in poc-sim (npm)
Source: ghsa-malware 8bc002dd617428d821e25cfa749908affae826cf40db7db85821cb7e344418ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in testnet-contracts (npm)
Source: ghsa-malware edd3718e0e37096149d4d64985025d95be3edcd077f04cf23ed0165b2b8b8b8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GO-2024-3109 The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator...