SUSE-SU-2026:1970-1 Security update for php-composer2

This update for php-composer2 fixes the following issues - CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: - version update to 2.2.27...

Astra Linux - уязвимость в python-pip

When installing a package from a Mercurial VCS URL e.g., “pip install hg+…” using pip before version 23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the “hg clone” call e.g., “--config”. Controlling the Mercurial configuration allows modifying t...

@bechara/crux (>=6.0.0 <=6.6.2), @cappa/cli (>=0.1.0 <=0.8.2) +11 more potentially affected by CVE-2026-6270 via @fastify/middie (>=9.0.2 <=9.3.1)

@fastify/middie NPM version =9.0.2, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.11, =0.1.51, =1.0.36, =11.0.0, =1.3.0, =5.0.0, =0.6.1-dev, =1.1.48 Source cves: CVE-2026-6270 Source advisory: SNYK:JS-FASTIFYMIDDIE-16098213...

EUVD-2018-19612

Malware in sbrugna...

EUVD-2022-0047

Malicious code in bioql PyPI...

EUVD-2022-0137

Malicious code in bioql PyPI...

EUVD-2025-22916

Malicious code in bioql PyPI...

EUVD-2022-1643

Malicious code in bioql PyPI...

EUVD-2022-1732

Malicious code in bioql PyPI...

JetBrains TeamCity Information Disclosure Vulnerability

JetBrains TeamCity is a Continuous Integration CI/CD tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from an hg pull command line parameter resulting in an exposed...

MAL-2025-6095 Malicious code in hg-icons-2 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Malicious code in hg-icons-2 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Fedora 39 : composer (2024-bb55f8476a)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bb55f8476a advisory. Version 2.7.7 2024-06-10 Security: Fixed command injection via malicious git branch name GHSA-47f6-5gq3-vx9c / CVE-2024-35241 Security: Fixed multip...

FreeBSD : Composer -- Multiple command injections via malicious git/hg branch names (5f608c68-276c-11ef-8caa-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5f608c68-276c-11ef-8caa-0897988a1c07 advisory. Composer project reports: The status, reinstall and remove commands with packages installed fr...

CVE-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...

GHSA-V9QV-C7WM-WGMF Composer has multiple command injections via malicious git/hg branch names

Impact The composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. So this requires cloning untrusted repositories. Patches 2.2.24 for 2.2 LTS or 2.7.7 for mainline Workarounds Avoid cloning potentially compromised...

CVE-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...

CVE-2024-35242 Composer vulnerable to command injection via malicious git/hg branch names

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...

Fedora 38 : pypy (2024-797928fed3)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-797928fed3 advisory. Security fix for CVE-2023-5752 in the bundled pip. Tenable has extracted the preceding description block directly from the Fedora security advisory...

HDF Group HDF5 安全漏洞

HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...