41 matches found
CVE-2026-5952
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...
ROOT-APP-MAVEN-CVE-2020-36518 CVE-2020-36518 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2020-36518 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22741 CVE-2026-22741 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2026-22741 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-42583 CVE-2026-42583 in io.root.io.netty:netty-codec - Patched by Root
Root has patched CVE-2026-42583 in the io.root.io.netty:netty-codec package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-68390 CVE-2025-68390 in io.root.org.elasticsearch.plugin:x-pack-core - Patched by Root
Root has patched CVE-2025-68390 in the io.root.org.elasticsearch.plugin:x-pack-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2020-14061 CVE-2020-14061 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2020-14061 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2022-45143 CVE-2022-45143 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2022-45143 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ai.chronon:online_2.13 (>=0.0.25 <=revert-391-thread-0.0.24), ai.chronon:service_2.13 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +4092 more potentially affected by CVE-2026-35554 via org.apache.kafka:kafka-clients (>=2.8.0 <=3.9.1)
org.apache.kafka:kafka-clients MAVEN version =2.8.0, =0.0.25, =0.0.86, =1.0.6, =1.0.6, =0.1, =0.2.7, =0.2.7, =3.0.1, =2.8.4-alpha1, =1.0.0, =1.0.0-beta, =0.0.1-alpha1, =1.2.4, =1.2.6 and more Source cves: CVE-2026-35554 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16032179...
ae.teletronics.nlp:categorisation (>=1.3 <=1.6), ae.teletronics.nlp:entityextraction (>=1.3 <=1.4) +4953 more potentially affected by CVE-2025-66566 via net.jpountz.lz4:lz4 (>=1.1.0 <=1.3.0)
net.jpountz.lz4:lz4 MAVEN version =1.1.0, =1.3, =1.3, =0.42.1, =1.3.0, =0.13.0, =1.1.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.10.0, =0.13.0, =v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744 and more Source cves: CVE-2025-66566 Source advisory: OSV:GHSA-CMP6-M4WJ-Q63Q...
EUVD-2025-199706
Malicious code in org.mvnpm:posthog-node Maven...
MAL-2025-191470 Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
EUVD-2020-7512
Malware in sbrugna...
EUVD-2021-26296
Malware in sbrugna...
EUVD-2019-9239
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-39940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all version...
CVE-2020-15525
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint...
CVE-2019-19628
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions...
org.webjars.npm:angular-lock (=2.0.3), org.webjars.npm:auth0-js (>=8.4.0 <=9.28.0) +11 more potentially affected by CVE-2025-46653 via org.webjars.npm:formidable (>=1.2.2 <=2.1.2)
org.webjars.npm:formidable MAVEN version =1.2.2, =8.4.0, =4.0.0-alpha, =1.1.0, =2.1.7, =1.0.6, =3.3.1, =7.1.6 - org.webjars.npm:supertest =3.4.2 Source cves: CVE-2025-46653 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-10006768...
Malicious code in io.github.leetcrunch:scribejava-core (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8dd884cda209e50c2bd5185172f3c25968cb972cbd19234779b43f4f855f2d26 A malicious Maven Java package typosquatting a legitimate OAuth Maven package. The malicious package collects and exfils OAuth credentia...
MAL-2025-2552 Malicious code in io.github.leetcrunch:scribejava-core (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8dd884cda209e50c2bd5185172f3c25968cb972cbd19234779b43f4f855f2d26 A malicious Maven Java package typosquatting a legitimate OAuth Maven package. The malicious package collects and exfils OAuth credentia...