Lucene search
K

99 matches found

Github Security Blog
Github Security Blog
added 2025/11/28 6:30 p.m.14 views

LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. This is fixed in a forked release: at.yawk.lz4:lz4-java version 1.8.1. The original project has been archived:...

8.8CVSS6.7AI score0.00647EPSS
Exploits0References6Affected Software4
OSV
OSV
added 2025/11/28 6:30 p.m.4 views

GHSA-VQF4-7M7X-WGFC LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. This is fixed in a forked release: at.yawk.lz4:lz4-java version 1.8.1. The original project has been archived:...

8.8CVSS7AI score0.00647EPSS
Exploits0References6
Snyk
Snyk
added 2025/11/28 4:39 p.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4decompressfast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or access sensitive memory contents by providing specially crafted...

8.8CVSS6.6AI score0.00647EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in fork-eslint-slidev-chakra-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f8ab67ea8427ea5b62140b04dc5a91e4b2512ef31a7be5a7f29ca3f838dfed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-178858

Malicious code in fork-webpack-kastra-chai npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-178864

Malicious code in fork-eslint-slidev-chakra-ui npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.2 views

EUVD-2025-113525

Malicious code in fork-eslint-plugin-procyon-fusion npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.4 views

Malicious code in playwright-achernar-fork-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92b8f8c34cd0569e980d0406ca537a6f31f0966e068ac568d2797b35fc517fbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.3 views

EUVD-2025-113517

Malicious code in fork-publish-node-config-mini-css-extract-plugin npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.0 views

MAL-2025-142603 Malicious code in fork-writable-miranda-dorado (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa2c06e94df0ee3bbe0de2fafb23ce4891a4357d3007dc2d8241ab688d448ba3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 2:29 a.m.2 views

MAL-2025-72608 Malicious code in dono-oblok5-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74081e636c233358f61ebd3507690776df36526469ffbe46bd6200bdbf8d2c1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/07 12:0 a.m.4 views

Chasing One-Day Vulnerabilities across Open Source Forks

Tracking vulnerabilities inherited from third-party open-source components is a well-known challenge, often addressed by tracing the threads of dependency information. However, vulnerabilities can also propagate through forking: a repository forked after the introduction of a vulnerability, but...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Gathers structured vuln data from plugins that fork

This plugin generates internal host tags for vulnerability data from plugins that fork. It queries scratchpad tables, aggregates the vulnerability data by plugin ID, port and protocol, then attaches the data to the scan as internal host tags. This plugin does not create a scan vulnerability repor...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25611

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00345EPSS
Exploits0References1
OSV
OSV
added 2025/09/05 5:10 p.m.3 views

MAL-2025-44287 Malicious code in fork-superflare-multiverse-spectron (npm)

The package fork-superflare-multiverse-spectron was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/28 7:10 a.m.5 views

Malicious code in aiohttp-proxies-forked (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/08/28 7:10 a.m.3 views

MAL-2025-41618 Malicious code in aiohttp-proxies-forked (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
CVE
CVE
added 2025/08/22 12:0 a.m.18 views

CVE-2025-55398

CVE-2025-55398 affects the mouse07410 asn1c fork (through 0.9.29). In UPER decoding, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits, potentially processing malformed input. Affected: decoders in this asn1c fork; impact is high (per CVSS...

9.8CVSS6.5AI score0.00345EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in sagemaker-forked-extensions (npm)

The package sagemaker-forked-extensions was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-32621 Malicious code in sagemaker-forked-extensions (npm)

The package sagemaker-forked-extensions was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder