58576 matches found
CVE-2026-9277
shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...
CVE-2026-9277 shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...
PT-2026-42766
Name of the Vulnerable Software and Affected Versions: shell-quote versions prior to 1.8.4. Description: The quote function fails to validate object-token inputs against the operator model used by parse. Specifically, the .op field is escaped using a regular expression that does not match line...
org.open-metadata:openmetadata-dist (>=0.12.1 <=DEMO_BETA1), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.12.3) +2 more potentially affected by CVE-2026-46481 via org.open-metadata:openmetadata-service (>=DEMO_BETA1 <=1.12.3)
org.open-metadata:openmetadata-service MAVEN version =DEMOBETA1, =0.12.1, =1.12.0, =1.10.0, =1.12.3 - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2026-46481 Source advisory: OSV:GHSA-9VMH-WHC4-7PHG...
Malicious code in oh-langfuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83b229927c5bc228764ab11651b10bd06c6ff61edffa820a632c343aeec13037 The package configures Langfuse tracing for Claude Code, Codex, and OpenCode. When the operator runs the bundled CLI without explicitly overriding...
CLEANSTART-2026-TL66481 Security fixes for CVE-2024-24786, CVE-2024-35255, CVE-2025-22868, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 0.69.1-r0, 0.69.1-r1, 0.87.1-r0, 0.89.0-r0
Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-MV81821 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-mh2q-q3fh-2475, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 0.87.1-r0, 0.87.1-r1, 0.87.1-r2, 0.87.1-r3
Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-LG79681 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475 applied in versions: 0.87.1-r0, 0.89.0-r0, 0.89.0-r1
Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-OD56729 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475 applied in versions: 0.87.1-r0, 0.88.1-r0, 0.89.0-r0
Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-CH40794 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 0.87.1-r0, 0.89.0-r0, 0.90.1-r0
Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: osv-scanner, grype, k9s, argo-workflows, flux-image-automation-controller, gitlab-runner, guac, pulumi-language-dotnet, kots, witness, gptscript, flux, goreleaser, scorecard, rancher-fleet, melange, argo-cd, external-secrets-operator, trivy, apko, bom, dagger, xeol,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: osv-scanner, grype, k9s, argo-workflows, flux-image-automation-controller, gitlab-runner, guac, pulumi-language-dotnet, kots, witness, gptscript, flux, goreleaser, scorecard, rancher-fleet, melange, argo-cd, external-secrets-operator, trivy, apko, bom, dagger, xeol,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: osv-scanner, grype, k9s, argo-workflows, flux-image-automation-controller, gitlab-runner, guac, pulumi-language-dotnet, kots, witness, gptscript, flux, goreleaser, scorecard, rancher-fleet, melange, argo-cd, external-secrets-operator, trivy, apko, bom, dagger, xeol,...
CVE-2026-45570 vulnerabilities
Vulnerabilities for packages: osv-scanner, grype, k9s, argo-workflows, flux-image-automation-controller, gitlab-runner, guac, pulumi-language-dotnet, kots, witness, gptscript, flux, goreleaser, scorecard, rancher-fleet, melange, argo-cd, external-secrets-operator, trivy, apko, bom, dagger, xeol,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: argocd-image-updater-fips, kubevela, argo-cd-fips, k9s, kaniko, mapotf-fips, nemo, pulumi, skaffold-fips, trivy, kubevela-fips, pulumi-language-yaml, steampipe, xeol, kargo, cerbos-fips, gptscript, packer-fips, coder, trivy-operator, kaniko-fips, flux,...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: argocd-image-updater-fips, kubevela, argo-cd-fips, k9s, kaniko, mapotf-fips, nemo, pulumi, skaffold-fips, trivy, kubevela-fips, pulumi-language-yaml, steampipe, xeol, kargo, cerbos-fips, gptscript, packer-fips, coder, trivy-operator, kaniko-fips, flux,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: argocd-image-updater-fips, kubevela, argo-cd-fips, k9s, kaniko, mapotf-fips, nemo, pulumi, skaffold-fips, trivy, kubevela-fips, pulumi-language-yaml, steampipe, xeol, kargo, cerbos-fips, gptscript, packer-fips, coder, trivy-operator, kaniko-fips, flux,...
GO-2026-4996 Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator
Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator...
Malicious code in vlifegram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8771013473b84f29159a80ec15ce3e9897bc69908ddfa2438845811dd276d87c VLifeGram is published under its own name on PyPI but installs into the pyrogram/ namespace and ships a Pyrogram fork at version 2.1.2.4. It adds an...
EUVD-2026-31140
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles. The app contains an authorize.conf configuration file with a srchFilter entry that...