36 matches found
openssl-encrypt silently skips schema validation when jsonschema library is not installed
Summary: In opensslencrypt/modules/jsonvalidator.py at lines 234-238, when the jsonschema library is not installed, all schema validation is silently skipped with only a print warning. Affected code (Python): if not JSONSCHEMAAVAILABLE: printf"Warning: Cannot validate against schema 'schemaname' -...
Improper Check for Unusual or Exceptional Conditions
Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDF to generate a strong encryption password from the user-provided password to ensure secure encryption of files. Affected versions of this...
GHSA-425G-FJHQ-5H92 openssl-encrypt silently skips schema validation when jsonschema library is not installed
Summary: In opensslencrypt/modules/jsonvalidator.py at lines 234-238, when the jsonschema library is not installed, all schema validation is silently skipped with only a print warning. Affected code (Python): if not JSONSCHEMAAVAILABLE: printf"Warning: Cannot validate against schema 'schemaname' -...
MAL-2025-192436 Malicious code in jsonschema-utf8 (PyPI)
Source: kam193 61bf4fa82a7c398e580d547d641bc19e3b16ba446191da04f39dcf9cf9a41eab. Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...
EUVD-2025-202588
Malicious code in jsonschema-utf8 PyPI...
EUVD-2024-3498
Malicious code in bioql PyPI...
Malicious code in react-jsonschema-form-extras (npm)
Source: ghsa-malware a348a6e6add3a526378c82c718c9589edc804b3a2c90e291c0abc25798ba1047. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47343 Malicious code in react-jsonschema-form-extras (npm)
Source: ghsa-malware a348a6e6add3a526378c82c718c9589edc804b3a2c90e291c0abc25798ba1047. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47344 Malicious code in react-jsonschema-rxnt-extras (npm)
Source: ghsa-malware 8e29ae9593362f6ccecd21ee9abaabfe0baf7da78be18ebeeef87277d03b1f56. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-jsonschema-form-conditionals (npm)
The package was compromised and malicious code added. Source: ghsa-malware 19f7a4179b84b6488bf56a9222c451acb93c74cf52d5a8c021ae3f42599e289d. Any computer that has this package installed or running should be considered fully compromised. All...
react-jsonschema-rxnt-extras (>=0.1.14 <=0.5.0-alpha.190053) potentially affected by unknown CVE via react-complaint-image (>=0.0.10 <=0.0.31)
react-complaint-image NPM version =0.0.10, =0.1.14, =0.5.0-alpha.190053 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47341...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
react-jsonschema-rxnt-extras (>=0.1.14 <=0.5.0-alpha.190053) potentially affected by unknown CVE via react-complaint-image (>=0.0.10 <=0.0.31)
react-complaint-image NPM version =0.0.10, =0.1.14, =0.5.0-alpha.190053 Source cves: unknown CVE Source advisory: SNYK:JS-REACTCOMPLAINTIMAGE-12705089...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
@bubbles-ui/leemons (>=1.0.0 <=1.2.277), @imtf/rjsf-conditionals (=5.0.3) +3 more potentially affected by unknown CVE via json-rules-engine-simplified (>=0.1.17 <=0.2.0)
json-rules-engine-simplified NPM version =0.1.17, =1.0.0, =0.1.0, =0.1.17, =0.1.1, =0.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-JSONRULESENGINESIMPLIFIED-12704864...
SUSE CVE-2024-53848
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...
meltano (>=2.16.0 <=3.6.0b4), nmdc-schema (>=0.0.0 <=7.4.12) +2 more potentially affected by CVE-2024-53848 via check-jsonschema (>=0.19.2 <=0.29.4)
check-jsonschema PYPI version =0.19.2, =2.16.0, =0.0.0, =0.3.0, =0.3.0, =0.4.1 Source cves: CVE-2024-53848 Source advisory: OSV:GHSA-Q6MV-284R-MP36...
CVE-2024-53848
A flaw was found in check-jsonschema. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, for example, https://example.org/schema.json, which will be stored as schema.json. This naming allows for conflicts. If an attacker can get a user to run...
Acceptance of Extraneous Untrusted Data With Trusted Data
Overview: check-jsonschema is a jsonschema CLI and pre-commit hook. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data via the default caching mechanism for remote schemas. An attacker can manipulate the cache to insert a malicious schem...
CVE-2024-53848
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...