OPENSUSE-SU-2026:20711-1 Security update for hauler

This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.3 bsc1262353, CVE-2026-39984, bsc1262942, CVE-2026-34986: 1.4 Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in the gomodules group across 1 directory 1.4 Bump github.com/sigstore/timestamp-authority/v2...

Malicious code in mergify-browser-extension (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d8f2de81952e94086d23e94decb4b563c67c4a2022666fae6a869278e07c0b0 Any computer that has this package installed or running should be considered...

MAL-2025-4568 Malicious code in mergify-browser-extension (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d8f2de81952e94086d23e94decb4b563c67c4a2022666fae6a869278e07c0b0 Any computer that has this package installed or running should be considered...

GHSA-3F95-W5H5-FQ86 Prototype Pollution in mergify

All versions of mergify are vulnerable to Prototype Pollution. The mergify function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider using an...

Prototype Pollution in mergify

All versions of mergify are vulnerable to Prototype Pollution. The mergify function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider using an...

Prototype Pollution

Overview All versions of mergify are vulnerable to Prototype Pollution. The mergify function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider using...

Node.js third-party modules: Prototype pollution attack (mergify)

Hi team, I would like to report a prototype pollution vulnerability in mergify that allows an attacker to inject properties on Object.prototype. Module module name: mergify version: 1.0.2 npm page: https://www.npmjs.com/package/mergify Module Description Merge objects deeply Vulnerability...