13 matches found
Towards Leveraging LLMs to Generate Abstract Penetration Test Cases from Software Architecture
Software architecture models capture early design decisions that strongly influence system quality attributes, including security. However, architecture-level security assessment and feedback are often absent in practice, allowing security weaknesses to propagate into later phases of the software...
MAL-2025-191174 Malicious code in @accordproject/concerto-metamodel (npm)
Source: amazon-inspector 1581131b6f7d752a2f26c167db5c144e33b737febc23f3e156f76a1b68e763ae The package @accordproject/concerto-metamodel was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199347
Malicious code in @accordproject/concerto-metamodel npm...
@accordproject/cicero-cli (>=0.23.1-20221017150218 <=0.25.1-20250329112129), @accordproject/cicero-core (>=0.23.1-20221017150218 <=0.25.1-20250329112129) +29 more potentially affected by unknown CVE via @accordproject/concerto-metamodel (>=3.0.0-alpha.1 <=3.12.4)
@accordproject/concerto-metamodel NPM version =3.0.0-alpha.1, =0.23.1-20221017150218, =0.23.1-20221017150218, =0.23.1-20221017150218, =0.23.1-20221017150218, =0.23.1-20221017150218, =0.23.1-20221017150218, =0.0.9, =1.0.0-alpha.3, =3.0.0, =3.0.0, =3.23.1, =3.0.0, =3.0.0, =3.22.1-20250619101610,...
@accordproject/concerto-metamodel contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...
dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +129 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-metamodel (>=2.0.0-RC1 <=3.4.0)
org.apache.causeway.core:causeway-core-metamodel MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-metamodel and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...
org.apache.causeway.core:causeway-core-config (=4.0.0-M1), org.apache.causeway.core:causeway-core-interaction (=4.0.0-M1) +105 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-applib (=4.0.0-M1)
org.apache.causeway.core:causeway-applib MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-applib and may be impacted: - org.apache.causeway.core:causeway-core-config =4.0.0-M1 -...
org.apache.causeway.core:causeway-core-interaction (=4.0.0-M1), org.apache.causeway.core:causeway-core-runtime (=4.0.0-M1) +87 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-metamodel (=4.0.0-M1)
org.apache.causeway.core:causeway-core-metamodel MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-metamodel and may be impacted: - org.apache.causeway.core:causeway-core-interaction =4.0.0-M...
MAL-2024-12002 Malicious code in metamodel-editor (npm)
Source: ghsa-malware f82fb4d86a302779b75cb5721517e80e827b6e6fe5368f3639b294b46e21cbd7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in metamodel-editor (npm)
Source: ghsa-malware f82fb4d86a302779b75cb5721517e80e827b6e6fe5368f3639b294b46e21cbd7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-40688 · Unknown · Javaparser
Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the JavaParser library. A crash occurs due to a security exception, with the crash state involving the TreeVisitorValidator.accept and...
OSV-2024-85 Security exception in com.github.javaparser.ast.validator.TreeVisitorValidator.accept
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66357 Crash type: Security exception Crash state: com.github.javaparser.ast.validator.TreeVisitorValidator.accept com.github.javaparser.ast.expr.FieldAccessExpr.getMetaModel...
purearea.net XSS vulnerability
Open Bug Bounty ID: OBB-555219

Description | Value
---|---
Affected Website: | purearea.net
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...