CVE-2026-11720
The CVE-2026-11720 entry describes a path traversal flaw in the HTTP tool URL builder of googleapis/mcp-toolbox. User-controlled pathParams are substituted into a configured tool path and then parsed as a relative URL; while scheme/host/user info are checked, final resolution uses ResolveReferenc...
CVE-2026-11717
An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the toolbox decodes the response into an introspectResp struct where t...
CVE-2026-11717
CVE-2026-11717 details an authentication bypass in googleapis/mcp-toolbox, specifically in the validateOpaqueToken path. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the toolbox decodes the response into an introspectResp with Active as a *bool. The ...
MAL-2025-6164 Malicious code in googleapis-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d420265a1e2b66c5c6e6fb36a367f726bcbd6099ac5d461385bb533e92ce2ad5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in googleapis-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d420265a1e2b66c5c6e6fb36a367f726bcbd6099ac5d461385bb533e92ce2ad5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in googleapis-googleapis-grpc-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0173c52d763cfc2d6f3c0222ad82887aa50ee181e8cfe807aa700d34cc54fb45 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-1976 Malicious code in googleapis-googleapis-grpc-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0173c52d763cfc2d6f3c0222ad82887aa50ee181e8cfe807aa700d34cc54fb45 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
SUSE SLES15: libprotobuf-lite20 / python2-cryptography / python2-psutil / etc (SUSE-SU-2023:2783-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. grpc: - Update in SLE-15 bsc1197726, bsc1144068 protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941,...
Fedora: Security Advisory for golang-github-gogo-googleapis (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-github-googleapis-gnostic (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-github-gogo-googleapis (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-googleapis-gnostic (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Malicious code in ajax-googleapis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a79286735a82d77ea004ac63d7e093e57051ba3ed791eb403acc3ca5985b863c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-918 Malicious code in ajax-googleapis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a79286735a82d77ea004ac63d7e093e57051ba3ed791eb403acc3ca5985b863c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora: Security Advisory for golang-github-googleapis-gnostic (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-6.fc36
This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...
[SECURITY] Fedora 36 Update: golang-github-gogo-googleapis-1.4.1-4.fc36
Google APIs generated by gogoprotobuf...
Malicious code in gen-ts-googleapis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4e25a82fd6464deed322629378691092d9c4a9c6bd5745fb9e356ab9f755031 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3327 Malicious code in gen-ts-googleapis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4e25a82fd6464deed322629378691092d9c4a9c6bd5745fb9e356ab9f755031 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora: Security Advisory for golang-github-gogo-googleapis (FEDORA-2022-08ae2dd481)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...