Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.10 views

CVE-2026-42575

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and...

7.5CVSS5.9AI score0.00159EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in hapi-prosthetics-thermochronology-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3945b57156407a7defb56a483e3d506c0a307663ac840d78caefe669db00c55b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in aquarius-slidev-equinox-procyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa0b4b93c5880a11a602e472cc9f2c1f1a2fb41779b5d28d02295ae6d2c12554 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.4 views

Malicious code in sedna-cypress-dagda-slidev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a9480eb72fd64424dc78d7a68c04b3407ef3bb591d0550aee3bb1b56a326f38 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:31 a.m.3 views

Malicious code in rational_canid_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdc439f80cf95fb2bf2c952177671ec831268aec7ee803dba3f35a55f3f9dfc5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-3153

Malware in sbrugna...

8.4CVSS8.2AI score0.00507EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-33583

Malicious code in bioql PyPI...

7.7CVSS7.6AI score0.01218EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.4 views

picklescan 安全漏洞

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in versions of picklescan prior to 0.0.21, which stems from not treating pip as an insecure global variable, which could lead to a malicious model introducing a malicious PyPI...

9.8CVSS8.7AI score0.01592EPSS
Exploits2References5
OSV
OSV
added 2022/05/24 4:57 p.m.5 views

GHSA-9F3P-WVJ7-Q82X Cargo prior to Rust 1.26.0 may download the wrong dependency

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

7.5CVSS7.4AI score0.0126EPSS
Exploits1References6
Rows per page
Query Builder