6 matches found
EUVD-2022-31074
Malicious code in bioql PyPI...
CVE-2025-1716
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...
MAL-2023-8503 Malicious code in @atea/common-design-components (npm)
Source: ghsa-malware (f2329fd9b04f0c2f8d8db0bf754737afd91b53c559c6dfa3aaf3c1f337323f9c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2020-6578 · Red Hat +2 · Ansible Engine +2
Name of the Vulnerable Software and Affected Versions: Ansible Engine versions 2.8.x through 2.8.14; Ansible Engine versions 2.9.x through 2.9.12. Description: A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even...
F5 NGINX Controller Input Validation Error Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0, which stems from an install.sh scri...
Design/Logic Flaw
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package...