AskAI (=0.1.0), BiliupApi (>=0.1.0 <=0.1.7) +4009 more potentially affected by unknown CVE via rustls-webpki (>=0.100.3 <=0.102.8)

rustls-webpki CARGO version =0.100.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.26, =0.4.0, =0.1.0, =0.21.0-alpha.1, =0.1.11, =0.12.1, =0.13.0 - acme =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0098...

Malicious Package

Overview gp-auth-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious Package

Overview trade-in-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2609 Malicious code in trade-in-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 282ed834f41ff1362de41082e4502858b54128699bb58026d73f704aafa71035 The package trade-in-lib was found to contain malicious code. Source: ghsa-malware 927f61fc76a553ba10121fbae7bc4961b0d67d52ab41498d9b0b232a4c2362f7 A...

Malicious code in trade-in-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 282ed834f41ff1362de41082e4502858b54128699bb58026d73f704aafa71035 The package trade-in-lib was found to contain malicious code. Source: ghsa-malware 927f61fc76a553ba10121fbae7bc4961b0d67d52ab41498d9b0b232a4c2362f7 A...

Malicious code in gp-auth-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a24cae80696867d7d7b835ee70e1ef1e85373092f31cd93e2a35508ae3d2afb3 The package gp-auth-lib was found to contain malicious code. Source: ghsa-malware 73c001ebe2675cd78ef852bc2e78ff6fb837fd64b9b490dbea61c4ff1ca6d146 An...

MAL-2026-2564 Malicious code in gp-auth-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a24cae80696867d7d7b835ee70e1ef1e85373092f31cd93e2a35508ae3d2afb3 The package gp-auth-lib was found to contain malicious code. Source: ghsa-malware 73c001ebe2675cd78ef852bc2e78ff6fb837fd64b9b490dbea61c4ff1ca6d146 An...

CLEANSTART-2026-LB69194 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

CVE-2026-32892

CVE-2026-32892 affects Chamilo LMS before 1.11.38 and 2.0.0-RC.3. The vulnerability is an OS command injection in the move() function of fileManage.lib.php, where user-controlled path values are concatenated into shell commands (e.g., exec("mv $source $target")) without escaping. The move_to POST...

Regular Expression Denial of Service (ReDoS)

Overview js-video-url-parser is an A parser to extract provider, video id, starttime and others from YouTube, Vimeo, ... urls Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the getTime function in lib/util.js. An attacker can cause excessive...

CVE-2026-34607

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...

PT-2026-29390

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

Malicious code in payerpath-customer-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9163fb244b7c2f4964eda703f5a3de55f6858b9f5a7f7508b69e1b0ce3b21b1f The package payerpath-customer-lib was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2276 Malicious code in payerpath-customer-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9163fb244b7c2f4964eda703f5a3de55f6858b9f5a7f7508b69e1b0ce3b21b1f The package payerpath-customer-lib was found to contain malicious code. Source: ossf-package-analysis...

SUSE-SU-2026:1063-1 Security update for frr

This update for frr fixes the following issues: Security issues: - CVE-2025-61099: NULL Pointer Dereference in FRRouting bsc1252838. - CVE-2025-61100: NULL Pointer Dereference in FRRouting bsc1252829. - CVE-2025-61101: NULL Pointer Dereference in FRRouting bsc1252833. - CVE-2025-61102: NULL Point...

Malicious Package

Overview customerdigital-ui-components-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview @pdfme/pdf-lib is a Create and modify PDF files with JavaScript Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the ensureBuffer function in the stream decoding. An attacker can exhaust system memory and cause...

graph-generator-lib (>=0.1.0 <=0.1.10), libunftp (>=0.6.0 <=0.6.1) +7 more potentially affected by unknown CVE via tokio-compat (=0.1.6)

tokio-compat CARGO version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on tokio-compat and may be impacted: - graph-generator-lib =0.1.0, =0.6.0, =0.1.0, =0.1.3 - parity-runtime =0.1.2 - price-info =1.12.0 - rudolfs =0.2.11 - sccache =0.2.15 -...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3198 (ALAS-2026-3198)

The version of thunderbird installed on the remote host is prior to 140.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3198 advisory. Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefox...

Malicious code in pru-lib-ng (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23f37bedfc6e1d85a81c4656a0af7b09fd927fb8d1562702d8766104ba806d95 The package pru-lib-ng was found to contain malicious code...