11172 matches found
CVE-2022-31505
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2023-4455
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3...
CVE-2025-66629
HedgeDoc versions prior to 1.10.4 are affected by missing CSRF protection in OAuth2 endpoints for social logins (Google, GitHub, GitLab, Facebook, Dropbox) due to not sending/verifying a state parameter. This could allow attackers to hijack user authentication sessions. The issue is fixed in 1.10...
PromptPwnd Vulnerability Exposes AI driven build systems to Data Theft
Aikido Security exposes a new AI prompt injection flaw in GitHub/GitLab pipelines, letting attackers steal secrets. Major companies affected...
CVE-2023-41954
creationtimestamp | type | source
---|---|---
2025-11-29 23:34:16+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-41954.yaml
2025-12-01 21:02:38+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m6xda5caqj2w...
[SECURITY] Fedora 42 Update: migrate-4.19.0-1.fc42
Go database migrations library and program. This package is built with the following databases backends: cassandra cockroachdb mongodb mysql postgres redshift sqlite3 sqlite This package is built with the following source backends: github gitlab go-bindata godoc-vfs gcs iofs pkger s3...
[SECURITY] Fedora 43 Update: migrate-4.19.0-1.fc43
Go database migrations library and program. This package is built with the following databases backends: cassandra cockroachdb mongodb mysql postgres redshift sqlite3 sqlite This package is built with the following source backends: github gitlab go-bindata godoc-vfs gcs iofs pkger s3...
Malicious code in @voiceflow/nestjs-redis (npm)
Source: amazon-inspector e418bb230f36e6cbd5feaa2ec800cf58fa1e701bcf7b8fd1dd8806223a94c645 The package @voiceflow/nestjs-redis was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/vite-config (npm)
Source: amazon-inspector e311606ae472f7551604c1c14cbf14f26fab216c76778f69086466466deac60c The package @voiceflow/vite-config was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191083 Malicious code in create-kinvey-flex-service (npm)
Source: amazon-inspector c18f134df78210871fbeb0ee41ee973c4622f7c2f19cde796751a63da45cba75 The package create-kinvey-flex-service was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-190701 Malicious code in redux-forge (npm)
Source: amazon-inspector 4ab662afde2ebe0d7c2a8537b2bdab8226b61daf75ff4e54ad51bf5bb7eee8eb The package redux-forge was found to contain malicious code. Source: ghsa-malware f80cb61ec8f9b4f1ee385b40c40e1816cb61a012074ddc792d16f433c6a32294 An...
BIT-MASTODON-2022-2166 Improper Restriction of Excessive Authentication Attempts in mastodon/mastodon
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0...
GO-2025-4005 Canonical LXD Project Existence Determination Through Error Handling in Image Get Function in github.com/canonical/lxd
Canonical LXD Project Existence Determination Through Error Handling in Image Get Function in github.com/canonical/lxd...
Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The...
EUVD-2019-11525
Malware in sbrugna...
EUVD-2023-43718
Malicious code in bioql (PyPI)...
EUVD-2023-58383
Malicious code in bioql (PyPI)...