GHSA-RHXG-9CM5-J9VX vulnerabilities

Vulnerabilities for packages: chromium...

Defense in Depth update for NuGet Client

Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...

CLEANSTART-2026-LR09759 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

GHSA-866G-X98C-RPRC vulnerabilities

Vulnerabilities for packages: kibana...

GHSA-4XH5-JCJ2-CH8Q

creationtimestamp| type| source ---|---|--- 2026-01-24 21:22:57+00:00| seen| https://gist.github.com/alon710/a8f00d02af9bbef05b5cf8f64b7e8a02 2026-01-24 22:19:08+00:00| seen| https://gist.github.com/alon710/b7bde8da7ddb5ddf55e3c6550ccdb464 2026-01-24 22:19:11+00:00| seen|...

GHSA-6G9X-RPR5-4QRW vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp, linux-aws, linux-vmware, linux-azure...

GHSA-5V8R-67H5-P4JJ vulnerabilities

Vulnerabilities for packages: firefox-esr...

GHSA-M4WP-R357-4Q94

creationtimestamp| type| source ---|---|--- 2025-04-23 19:05:27+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13127...

GHSA-HQCX-598M-PJQ4

creationtimestamp| type| source ---|---|--- 2025-04-18 16:58:58+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12488...

HPGO (=0.9.2), algebraics (>=0.1.2 <=0.2.0) +242 more potentially affected by unknown CVE via inventory (>=0.1.10 <=0.1.11)

inventory CARGO version =0.1.10, =0.1.2, =0.11.0, =0.2.0, =0.1.0, =0.6.0, =0.7.0, =0.6.0, =0.5.0, =0.6.0, =0.4.0, =0.6.0, =0.5.0, =0.15.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-GHC8-5CGM-5RPF...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +96 more potentially affected by CVE-2021-41215 via tensorflow-cpu (>=1.15.0 <=2.4.0)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2021-41215 Source advisory: OSV:GHSA-X3V8-C8QX-3J3R...

ALPINE-CVE-2021-37712

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

ask (>=1.1.0 <=1.5.0), bid (>=0.1.0 <=1.0.0) +15 more potentially affected by unknown CVE via deap (>=0.1.2 <=0.2.2)

deap NPM version =0.1.2, =1.1.0, =0.1.0, =0.0.1, =0.1.0, =0.2.0, =0.0.4, =0.1.0, =0.1.0, =0.6.0, =0.3.0, =0.4.0, =0.4.0, =0.4.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XRMP-99WJ-P6JC...

@conversationai/moderator-backend-api (>=1.0.0 <=1.0.6), @conversationai/moderator-backend-core (>=1.0.0 <=1.0.6) +436 more potentially affected by unknown CVE via mysql (>=2.0.0-alpha8 <=2.13.0)

mysql NPM version =2.0.0-alpha8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =0.0.3, =0.0.2, =0.0.2, =0.0.1, =4.0.0, =4.2.34 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5F7M-MMPC-QHH4...