1231 matches found
EUVD-2025-112434
Malicious code in install-mini-css-extract-plugin-test-sqlite npm...
MAL-2025-140484 Malicious code in castor-fetch-webdriver-manager-mini-css-extract-plugin (npm)
Source: amazon-inspector 51232fa12f2d0aa1acb5f8f227042e036d7eab4c9faf1918109f2c1b887da57f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-111133
Malicious code in mini-css-extract-plugin-nightwatch-ignite-capella npm...
Malicious code in babel-rehype-mini-css-extract-plugin-aether (npm)
Source: amazon-inspector 2a1fc500675fae07b9a876c104374b27b82820a5d8bcfaad02b275aa0426a718 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-111144
Malicious code in mini-css-extract-plugin-cli-quasar-cache npm...
Malicious code in mini-css-extract-plugin-callisto-vulcan-apex (npm)
Source: amazon-inspector b4fefa2b8aac08eb3db27624e6a94ba26bdf920229211f6b3eeda2ce26bd6c4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-115491
Malicious code in chakra-ui-gravity-mini-css-extract-plugin-chromedriver npm...
EUVD-2025-120684
Malicious code in vulcan-mini-css-extract-plugin-commitlint-wasat npm...
EUVD-2025-120573
Malicious code in webdriver-mocha-mini-css-extract-plugin-acamar-magellan npm...
EUVD-2025-111135
Malicious code in mini-css-extract-plugin-meteor-capella-nconf npm...
MAL-2025-141604 Malicious code in despina-pegasus-mini-css-extract-plugin-sagitta (npm)
Source: amazon-inspector f2cd25cf15f924783c9c0dd4ff35111ce8a5bb6b596dd67ab342567c9a9f3de6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142595 Malicious code in fork-publish-node-config-mini-css-extract-plugin (npm)
Source: amazon-inspector a2f6e9a7562a333d4e73524c50d96a1a156c6d0d860a6af6a4cad3f0ea51e112 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
ROS-20251106-04
A vulnerability in the django.utils.archive.extract function of the Django web application software platform is related to errors in the relative directory path handling mechanism. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions. Vulnerability in...
OPENSUSE-SU-2025:20022-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate, alias, aggregate, and extra on MySQL and MariaDB (boo#1250485) - CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract (boo#1250487)...
CVE-2025-12060
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
UBUNTU-CVE-2025-12060
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-54384
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided...
PT-2025-44433
Name of the Vulnerable Software and Affected Versions: Keras (affected versions not specified). Description: The keras.utils.get_file API in Keras is susceptible to a path traversal issue when the extract=True option is used with tar archives. The utility employs Python’s tarfile.extractall function...
FreeBSD : Erlang - Absolute Path in Zip Module (237f4f57-b50f-11f0-ae9b-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 237f4f57-b50f-11f0-ae9b-b42e991fc52e advisory. https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a...