Lucene search
9 matches found

RustSec
added 2026/06/04 12:0 p.m. · 9 views

`pqcrypto-sphincsplus` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to SPHINCS+/SLH-DSA (FIPS 205) via C implementations from PQClean. The PQClean project is being archived in or after July 2026 (see PQClean/PQClean604), after which no further security patches or bug fixes will be applied to the upstream implementations. As a result,...

AI score: 5.8
Exploits: 0
Veeam
added 2026/05/11 12:0 a.m. · 7 views

Support Statement — Nutanix Mine with Veeam End of Life

Details: Nutanix Mine with Veeam reached End-of-Life on 2026-04-30. As of this date, technical support cases may no longer be opened, and no further software or security updates will be provided. For more information, see the Nutanix EOL Announcement Bulletin - Nutanix Mine, released 2025-04-30...

AI score: 5.8
Exploits: 0 · Affected Software: 1
RustSec
added 2026/04/07 12:0 p.m. · 5 views

zantetsu-ffi is unmaintained

The zantetsu-ffi crate is no longer maintained. The Node.js, Python, and C FFI bindings it provided were removed as part of the zantetsu 0.2 release, which refocused the project on its core Rust library. A tombstone version 0.2.0 has been published and 0.1.4 has been yanked. There is no replaceme...

AI score: 5.8
Exploits: 0
Github Security Blog
added 2026/03/03 2:51 p.m. · 7 views

Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user

Impact: The restricted pod security policy (PSP), provided in Rancher versions from 2.0 up to and including 2.6.3, has a deviation from the upstream restricted policy provided in Kubernetes, in which Rancher's PSP has runAsUser set to runAsAny, while upstream has runAsUser set to MustRunAsNonRoot...

AI score: 5.9
Exploits: 0 · References: 2 · Affected Software: 1
Spring Engineering
added 2025/09/09 12:0 a.m. · 1 views

Access API Moves to Spring Security Access

Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...

AI score: 6.9
Exploits: 0
CVE
added 2025/08/29 3:55 p.m. · 27 views

CVE-2025-47909

The CVE-2025-47909 entry describes a CSRF vulnerability in gorilla/csrf related to how TrustedOrigins can permit both HTTP and HTTPS origins. Affected component: gorilla/csrf (Go web middleware). Root cause: Origin/Trust logic allows a host listed in TrustedOrigins to bypass same-origin checks, e...

CVSS: 7.3 · AI score: 6.3 · EPSS: 0.00016
Exploits: 0 · References: 2
Positive Technologies
added 2023/10/19 12:0 a.m. · 2 views

PT-2023-30299 · Nats +1 · Nats Nats-Server +1

Name of the Vulnerable Software and Affected Versions: NATS nats-server versions 2.2.0 through 2.9.22; NATS nats-server versions 2.10.0 through 2.10.1. Description: The issue is related to an authentication bypass in NATS nats-server. An implicit $G user in an authorization block can sometimes be...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.00225
Exploits: 0 · References: 27
Snyk
added 2023/04/24 6:31 a.m. · 2 views

Insufficiently Protected Credentials

Overview: expo is an umbrella package that contains the client-side code for accessing system functionality such as contacts, camera, and location in Expo apps. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Expo AuthSession Redirect Proxy process...

CVSS: 9.6 · AI score: 9.3 · EPSS: 0.00909
Exploits: 0 · References: 2
Snyk
added 2022/05/14 2:1 a.m. · 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to not using or validating the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

CVSS: 8.8 · AI score: 7.2 · EPSS: 0.00141
Exploits: 0 · References: 2