32 matches found
EUVD-2023-0600
Malicious code in bioql PyPI...
EUVD-2025-0202
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-29529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific...
Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1
Summary: This SB contains a list of all CVEs listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1 Vulnerability...
CVE-2025-0377
An archive extraction vulnerability was found in HashiCorp's go-slug library. When go-slug performs an extraction, the filename/extraction path is taken from the tar entry via the header.Name. It was discovered that the unpacking step improperly validated paths, potentially leading to path...
GO-2025-3413 HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug
HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug...
Relative Path Traversal
github.com/hashicorp/go-slug is vulnerable to Relative Path Traversal. The vulnerability is due to improper path validation when extracting user-provided paths from tar entries, allowing for directory traversal and potential overwriting of arbitrary files...
SUSE CVE-2025-0377
HashiCorp's go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
GHSA-WPFP-CM49-9M9Q HashiCorp go-slug Vulnerable to Zip Slip Attack
Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...
HashiCorp go-slug Vulnerable to Zip Slip Attack
Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...
CVE-2025-0377
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
CVE-2025-0377
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
CVE-2025-0377
CVE-2025-0377 – HashiCorp go-slug: Zip-slip style path traversal during tar extraction when a non-existent user-provided path is processed. This can allow writing arbitrary files during extraction. Remediation: upgrade go-slug to 0.16.3 or later (the advisory notes the fix is included in 0.16.3)...
CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
Hashicorp Go-slug Link Following Vulnerability
Hashicorp Go-slug is a Go-based codebase from HashiCorp, USA, for packing and unpacking files. A security vulnerability exists in Hashicorp Go-slug version 0.16.2 and earlier, which stems from the fact that HashiCorp's go-slug library is susceptible to a zip-slip style attack when...
PT-2025-3860 · Hashicorp +1 · Go-Slug +1
Name of the Vulnerable Software and Affected Versions: HashiCorp go-slug versions prior to 0.16.3 Description: The go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This occurs because the unpacking step improperly...
Unsafe tar unpacking in HashiCorp go-slug
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks...
GHSA-2G5J-5X95-R6HR Unsafe tar unpacking in HashiCorp go-slug
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.2 security and bug fix update
Red Hat Advanced Cluster Management for Kubernetes 2.2.2 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...