4 matches found
Malicious code in solanakit (PyPI)
Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93. During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistence, e.g., through the autostart registry key...
Understand your software’s supply chain with GitHub’s dependency graph
What if you could spot the weakest link in your software supply chain before it breaks? With GitHub's dependency graph, you can. By providing a clear, complete view of the external packages your code depends on, both directly and indirectly, it allows you to understand, secure, and manage your...
GO-2023-1543 mrpack-install vulnerable to path traversal with dependency in github.com/nothub/mrpack-install
mrpack-install vulnerable to path traversal with dependency in github.com/nothub/mrpack-install...
Remote Code Execution (RCE)
github.com/bits-and-blooms/bloom is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the library depending on another library but referencing it with an old URL, github.com/GoASTScanner/gas, which leads to dependency confusion. An attacker can register the old GitHub username and...