Security update for bash-git-prompt (moderate)
openSUSE security update: security update for bash-git-prompt. Announcement ID: openSUSE-SU-2025-20130-1. Rating: moderate. References: bsc1247489. Cross-References: CVE-2025-61659. Affected Products: openSUSE Leap 16.0...
git-bug-0.10.1-3.1 on GA media (moderate)
git-bug-0.10.1-3.1 on GA media. Announcement ID: openSUSE-SU-2025:15771-1. Rating: moderate. Cross-References: CVE-2025-47913, CVE-2025-47914, CVE-2025-58181. CVSS scores: CVE-2025-47913 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CVE-2025-47913 (SUSE): 8.7...
GHSA-J9WJ-M24M-7JJ6 willitmerge has a Command Injection vulnerability
willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version [email protected]. Resources: Project's GitHub source code: https://github.com/shama/willitmerge/ Project's npm package:...
CVE-2025-12472
An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for...
OPENSUSE-SU-2025:15771-1 git-bug-0.10.1-3.1 on GA media
These are all security issues fixed in the git-bug-0.10.1-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15770-1 bash-git-prompt-2.7.1-4.1 on GA media
These are all security issues fixed in the bash-git-prompt-2.7.1-4.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-13595
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...
CVE-2025-13597
CVE-2025-13597 affects the WordPress AI Feeds plugin up to version 1.0.11. The flaw is an unauthenticated arbitrary file upload due to a missing capability check in the actualizador_git.php module, enabling attackers to download GitHub repositories and overwrite plugin files on the server, with r...
CVE-2025-13595 CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...
Exploit for CVE-2025-13595
CIBELES AI extractTo$extractDir; $rootInsideZip = $extrac...
MAL-2025-191362 Malicious code in @voiceflow/npm-package-json-lint-config (npm)
Source: amazon-inspector fcb13f449b9f8582e57b2b30103359ccd3efcbde9b172f827a481af246122211 The package @voiceflow/npm-package-json-lint-config was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191350 Malicious code in @voiceflow/git-branch-check (npm)
Source: amazon-inspector 374d8cf65cd8bf44935889995a1fe36af800d8f570be40b594fa1b3bca1c184d The package @voiceflow/git-branch-check was found to contain malicious code. Source: ghsa-malware...
Malicious code in @bdkinc/knex-ibmi (npm)
Source: amazon-inspector 85cc012fb765319451923141ad4b7e0436b8033482b80dfd67bcc460923c2ae0 The package @bdkinc/knex-ibmi was found to contain malicious code. Source: ghsa-malware...
Malicious code in @faq-component/core (npm)
Source: amazon-inspector cc9231d4632473ef4031ec55df06f361942089d230a511407a1cbdce5716ed7f The package @faq-component/core was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191098 Malicious code in frontity-starter-theme (npm)
Source: amazon-inspector 13b1b354fa335b058cf3b6af9fd24bc83609696da8937e6d103a4bdf3196ec2f The package frontity-starter-theme was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...