257 matches found
MAL-2025-6870 Malicious code in @angular_devkit/build-webpack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 053dbd5b72c824b5644482986fcc9a5caca48fcbe447f90f957e420418f2bcb4 The OpenSSF Package Analysis project identified '@angulardevkit/build-webpack' @ 99.1.1 npm as malicious. It is considered malicious because: -...
MAL-2025-6810 Malicious code in badger-doc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 102e103c2148dd46b3b7b80cbf9641deea29213407e46ee74af433da247bd9ef The OpenSSF Package Analysis project identified 'badger-doc' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6813 Malicious code in hcs-image-viewer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 28a35db26dad04831df161435cbbf5343e242f3ebc2fe7764b3feadd1926646c The OpenSSF Package Analysis project identified 'hcs-image-viewer' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in @sangith/newrelic (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis df1e3a9bd21e4d7ca6ae9595850002d67806ca9fd408d068bad6ce3a8a4c2dbf The OpenSSF Package Analysis project identified '@sangith/newrelic' @...
CVE-2025-55188
creationtimestamp| type| source ---|---|--- 2025-08-08 23:51:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvwgzkd4xl2d 2025-08-09 20:16:03+00:00| seen| https://seclists.org/oss-sec/2025/q3/82 2025-08-09 22:51:21+00:00| seen|...
CVE-2025-55014
creationtimestamp| type| source ---|---|--- 2025-08-08 10:24:28+00:00| seen| https://seclists.org/oss-sec/2025/q3/81 2025-08-13 03:49:46+00:00| seen| https://bsky.app/profile/thecascading.bsky.social/post/3lwawa53r2h2d...
Malicious code in undeface-test-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 69c9b501034a030dc669fcc1ae2026db2508367cac00b2b2b7e4d8df0a78ad7e The OpenSSF Package Analysis project identified 'undeface-test-2' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...
Security Bulletin: IBM Aspera Faspex is affected by open-source related vulnerabilities and unauthorized actions from authenticated users
Summary IBM Aspera Faspex has addressed vulnerabilities related to denial-of-service, inefficient code execution under specific conditions, and unintended traffic routing. The 3rd party vulnerabilities are for very specific use cases that are not necessarily exposed through Faspex. Additionally,...
mod_security security update
An update is available for modsecurity. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list ModSecurity is an open source intrusion detection and prevention engine f...
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to...
CVE-2025-53946
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the idfuncionario parameter of the /html/saude/profilepaciente.php endpoint. This vulnerability allows attacker to...
Malicious code in nbastatsleftnav (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 514ea2a983874eb46d5517a63e127b2503b1f9a0dc1ffa0a726e5f1dbd7559b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-46334
creationtimestamp| type| source ---|---|--- 2025-07-08 15:02:11+00:00| seen| https://github.blog/open-source/git/git-security-vulnerabilities-announced-6/ 2025-07-08 15:11:31+00:00| seen| https://seclists.org/oss-sec/2025/q3/13 2025-07-08 15:56:31+00:00| seen|...
CVE-2025-6018
creationtimestamp| type| source ---|---|--- 2025-06-17 18:03:49+00:00| seen| https://seclists.org/oss-sec/2025/q2/261 2025-06-18 05:02:08+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lrua5yfpii2g 2025-06-18 06:56:58+00:00| seen|...
MAL-2025-4961 Malicious code in automated-native-creatives (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0108e88450eb534afdbdfd274f6737a7507f4a7915230a113296f63a2a2163fd Any computer that has this package installed or running should be considered...
CVE-2025-48877
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowediframes site setting, and it can potentially auto-run arbitrary JS...
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the security issues, including the impact, a CVSS...
Important: Red Hat Security Advisory: mod_security security update
An update for modsecurity is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...
tar-fs can extract outside the specified dir with a specific tarball
Impact v3.0.8, v2.1.2, v1.16.4 and below Patches Has been patched in 3.0.9, 2.1.3, and 1.16.5 Workarounds You can use the ignore option to ignore non files/directories. js ignore , header // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory...
Malicious code in @seo-frontend-components/card-blog-carousel-mobile (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1eaa599a9c0235a5d52b5534f4177883c03e7ae19496ef98593fadfc3a7ccef8 The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-carousel-mobile' @ 1.999.2 npm as malicious. It is considere...