33 matches found
OpenMetadata - Authentication Bypass
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...
Malicious code in npe-toolkit-server-deps (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3eb14324fd68e20b30e8d4ebaa6af41f05a0596dd3e274650d3d75503199426 The package npe-toolkit-server-deps was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview npe-toolkit-faves is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-135 Malicious code in npe-toolkit-faves (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d361a1a46446a6e7317c9f4c3db039746ceea8e599e55c309a86dba366e8ecc6 The package npe-toolkit-faves was found to contain malicious code. Source: ghsa-malware...
MAL-2026-136 Malicious code in npe-toolkit-server-deps (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3eb14324fd68e20b30e8d4ebaa6af41f05a0596dd3e274650d3d75503199426 The package npe-toolkit-server-deps was found to contain malicious code. Source: ghsa-malware...
Malicious code in npe-toolkit-faves (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d361a1a46446a6e7317c9f4c3db039746ceea8e599e55c309a86dba366e8ecc6 The package npe-toolkit-faves was found to contain malicious code. Source: ghsa-malware...
EUVD-2023-0959
Malicious code in bioql PyPI...
CVE-2025-38265
The CVE-2025-38265 issue affects the Linux kernel in the serial/jsm path (jsm_uart_port_init). The root cause is a NULL pointer dereference in serial_base_ctrl_add when no device is set, leading to a crash in serial_core_register_port during probe. The provided data notes a fix and references ker...
CVE-2025-22050
In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rxcomplete Missing usbnetgoingaway Check in Critical Path. The usbsubmiturb function lacks a usbnetgoingaway validation, whereas usbnetqueueskb includes this check. This inconsistency creates a race conditio...
MAL-2024-2765 Malicious code in npe-toolkit-tools (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in npe-toolkit-tools (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-28255 Authentication Bypass in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...
CVE-2024-28255
OpenMetadata contains a flaw in the JwtFilter authentication check: the code may treat certain requests as excluded endpoints due to path parameters, allowing requests to bypass JWT validation and reach protected endpoints. The issue enables authentication bypass and, in combination with SpEL inj...
BIT-TENSORFLOW-2023-25672 TensorFlow has Null Pointer Error in LookupTableImportV2
TensorFlow is an open source platform for machine learning. The function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
java-21-openjdk security and bug fix update
1:21.0.1.0.12-2.0.1 - Add Oracle vendor bug URL 1:21.0.1.0.12-2 - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable specfile with the RHEL 7 version - Related: RHEL-12997 1:21.0.1.0.12-1 - Update to jdk-21.0.1.0+12 GA - Update release notes to 21.0.1.0+12 - Sync th...
CVE-2023-25672
TensorFlow is an open source platform for machine learning. The function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
AZL-35317 CVE-2023-25672 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source platform for machine learning. The function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
Stack overflow
TensorFlow is an open source platform for machine learning. The function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
CVE-2023-25672 TensorFlow has Null Pointer Error in LookupTableImportV2
TensorFlow is an open source platform for machine learning. The function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
TensorFlow has Null Pointer Error in SparseSparseMaximum
Impact When SparseSparseMaximum is given invalid sparse tensors as inputs, it can give an NPE. python import tensorflow as tf tf.rawops.SparseSparseMaximum aindices=1, avalues = 0.1 , ashape = 2, bindices=, bvalues =2 , bshape = 2, Patches We have patched the issue in GitHub commit...