Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code VS Code extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier...

New Shai-hulud Worm Infecting npm Packages With Millions of Downloads

ReversingLabs discovers "Shai-hulud," a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer…...

CVE-2025-32019

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...

CVE-2025-32019

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...

Mirror Registry 安全漏洞

Mirror Registry is a QUAY open source standalone registry for installing mirror images for Openshift. A security vulnerability exists in Mirror Registry that stems from improperly written permissions in the /etc/passwd file, which could lead to elevated privileges...