570 matches found
Malicious code in @ikyyofc/gemini-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...
MAL-2026-4394 Malicious code in @ikyyofc/gemini-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...
Malicious code in glass-of-water (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...
MAL-2026-4751 Malicious code in glass-of-water (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...
CVE-2026-44902 vulnerabilities
Vulnerabilities for packages: cadence-web, gemini-cli, librechat, langfuse-fips, kibana, langfuse...
GHSA-Q7RR-3CGH-J5R3 vulnerabilities
Vulnerabilities for packages: cadence-web, gemini-cli, librechat, langfuse-fips, kibana, langfuse...
Maestro 0.15.4
Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...
How to Disable Google's Gemini in Chrome
Chrome users were caught off guard by a 4-GB Google AI model baked into Chrome, sparking privacy concerns. The good news: You can easily uninstall it. The bad? You might not want to...
Google Chrome Accused of Silently Installing 4GB AI Model on User Devices
Cybersecurity researcher Alexander Hanff claims that Google Chrome automatically installs a 4GB Gemini Nano AI model without user notification or consent...
GHSA-V2V4-37R5-5V8G vulnerabilities
Vulnerabilities for packages: kibana, saf, tileserver-gl, kubeflow-pipelines, lerna, code-server, actions-runner, opensearch-dashboards, librechat, kubeflow-katib, drupal, npm, wazuh-dashboard-fips, langfuse-fips, langfuse, wazuh-dashboard, opensearch-dashboards-fips, renovate, prism,...
CVE-2026-42338 vulnerabilities
Vulnerabilities for packages: kibana, saf, tileserver-gl, kubeflow-pipelines, lerna, code-server, actions-runner, opensearch-dashboards, librechat, kubeflow-katib, drupal, npm, wazuh-dashboard-fips, langfuse-fips, langfuse, wazuh-dashboard, opensearch-dashboards-fips, renovate, prism,...
Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: nextcloud-server, saf, kubeflow-pipelines, code-server, actions-runner, jitsucom-jitsu, dbgate-fips, librechat, opensearch-dashboards, kubeflow-katib, argo-workflows, drupal, npm, tensorflow-cpu-jupyter, redisinsight, dbgate, gemini-cli, wazuh-dashboard-fips,...
Google Chrome’s silent 4GB AI download problem [updated]
Google Chrome has been quietly downloading a 4GB AI model onto users' devices without asking first. Security researcher Alexander Hanff, aka ThatPrivacyGuy, reports that Chrome has been silently installing Gemini Nano, Google's on-device AI model, as a file called weights.bin stored in the...
GHSA-WPQR-6V78-JR5G vulnerabilities
Vulnerabilities for packages: gemini-cli...
MAL-2026-3347 Malicious code in gemini-analyzer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...
AutoStrike
Gemini Bug Bounty Find security vulnerabilities, get paid...
gemini-bug-bounty
Gemini Bug Bounty Find security vulnerabilities, get paid...
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an...
@13w/local-rag (=2.0.0), @amodalai/cli (>=0.1.0 <=0.1.1) +30 more potentially affected by unknown CVE via @google/gemini-cli (>=0.11.3 <=0.39.0-nightly.20260411.0957f7d3e)
@google/gemini-cli NPM version =0.11.3, =0.1.0, =0.1.5, =0.1.0, =1.0.0, =0.0.17, =0.6.4, =0.0.1, =1.3.0, =0.1.10, =1.0.0, =2.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WPQR-6V78-JR5G...