2874 matches found
MAL-2025-4005 Malicious code in ing-lib-investments (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 503bea11cdda0462a5a3704bfa53fb30372f852aedf852305e6826460f1eb140 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3953 Malicious code in inter-frontend-lib-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20b043e0fa1aadc6d1e400a275d7c543cf31f466a312f5cd286fed159f700ec0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in jb-sol-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e07a37ee37ad01b1e0d3674307dda8f293b0152cd93544305a2bdce1340c6035 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3899 Malicious code in jb-sol-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e07a37ee37ad01b1e0d3674307dda8f293b0152cd93544305a2bdce1340c6035 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
sozu (>=0.12.0 <=0.13.1), sozu-command-futures (>=0.11.59 <=0.13.6) +3 more potentially affected by CVE-2025-47737 via trailer (=0.1.2)
trailer CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on trailer and may be impacted: - sozu =0.12.0, =0.11.59, =0.12.0, =0.12.0, =0.11.59, =0.13.0 Source cves: CVE-2025-47737 Source advisory: OSV:GHSA-6X45-R4PR-5362...
@dm3-org/delivery-service (>=1.4.0 <=1.7.1), @dm3-org/dm3-backend (>=1.0.1 <=1.7.1) +18 more potentially affected by unknown CVE via @dm3-org/dm3-lib-shared (=1.7.2)
@dm3-org/dm3-lib-shared NPM version =1.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on @dm3-org/dm3-lib-shared and may be impacted: - @dm3-org/delivery-service =1.4.0, =1.0.1, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =0.0.1-alpha1, =1.0.5, =1.4.0,...
alsa-lib bug fix and enhancement update
An update is available for alsa-lib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.1...
Malicious code in internal-lib-t1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0656cbf9afeeae51e03fe153910e1dad3a3840f219effb0583665acdfefb34ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
sozu (>=0.12.0 <=0.13.1), sozu-command-futures (>=0.11.59 <=0.13.6) +3 more potentially affected by CVE-2025-47737 via trailer (=0.1.2)
trailer CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on trailer and may be impacted: - sozu =0.12.0, =0.11.59, =0.12.0, =0.12.0, =0.11.59, =0.13.0 Source cves: CVE-2025-47737 Source advisory: OSV:RUSTSEC-2025-0163...
org.webjars.npm:bitcore-lib (=0.15.0), org.webjars.npm:bitcore-mnemonic (=1.5.0) +5 more potentially affected by CVE-2025-27611 via org.webjars.npm:base-x (=3.0.8)
org.webjars.npm:base-x MAVEN version =3.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:base-x and may be impacted: - org.webjars.npm:bitcore-lib =0.15.0 - org.webjars.npm:bitcore-mnemonic =1.5.0 - org.webjars.npm:bs58 =4.0.1 -...
Malicious code in internal-payroll-lib-v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f2f9ac4669489d305522859900c9fc0c92c656de17f018f9369aee637348083 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nsemea-address-lib-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 783f17774ff266fc48db4fdc996b01c5fd5babaa6db1c0aaf76f53fbd348dd0c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nsemea-customer-lib-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b783a59591663bb8084e20ad8825f0dea9ab345d0ec0f723be03614c92467e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3533 Malicious code in nsemea-customer-lib-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b783a59591663bb8084e20ad8825f0dea9ab345d0ec0f723be03614c92467e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
libsnowflakeclient security vulnerability
libsnowflakeclient is an open source tool from Snowflake. A security vulnerability exists in libsnowflakeclient versions prior to 0.5.0 through 2.2.0, which stems from the fact that incorrectly handling malformed requests may cause the application to hang...
Ubuntu: Security Advisory (USN-7465-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MAL-2025-3301 Malicious code in @medibank-lib/medi-analytics (npm)
--- -= Per source details. Do not edit below this line.=-...
Incorrect Execution-Assigned Permissions
aws-cdk-lib is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to unexpected Aspect execution order due to the introduction of a new priority system that overrides hierarchical aspect evaluation, potentially leading to incorrect permissions boundaries being assign...
Overly Permissive Authorization
aws-cdk-lib is vulnerable to Overly Permissive Authorization. The vulnerability is due to the CDK Construct Library automatically generating an overly permissive AWS IAM trust policy, which allows any user with unrestricted sts:AssumeRole permissions to assume the role...