a2a-lite (>=0.1.0 <=0.2.2), adb-connect-qr (>=0.1.0 <=0.1.3) +582 more potentially affected by CVE-2026-47184 via zeroconf (>=0.102.0 <=0.149.3)

zeroconf PYPI version =0.102.0, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.1, =0.0.1, =1.4.8, =2.6.28, =0.7.1, =0.0.1, =1.7.0, =0.2.38, =3.2.20 and more Source cves: CVE-2026-47184 Source advisory: SNYK:PYTHON-ZEROCONF-17111094...

@paperclipai/server (>=2026.3.17-canary.2 <=2026.416.0-canary.1), companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +4 more potentially affected by unknown CVE via @paperclipai/db (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/db NPM version =2026.318.0-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAIDB-16421488...

parse-hipaa-dashboard (>=1.5.0 <=2.0.5) potentially affected by CVE-2026-27609 via parse-dashboard (>=7.3.0 <=8.5.0)

parse-dashboard NPM version =7.3.0, =1.5.0, =2.0.5 Source cves: CVE-2026-27609 Source advisory: OSV:GHSA-3534-XP88-25RC...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Malicious code in pega-package-dependency (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-47858 Malicious code in pega-package-dependency (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Linux Distros Unpatched Vulnerability : CVE-2025-5648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function rconspalinit in the library /libr/cons/pal.c of the...

CVE-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...

Linux Distros Unpatched Vulnerability : CVE-2024-39476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/raid5: fix deadlock that raid5d wait for itself to clear MDSBCHANGEPENDING Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with small...

Linux Distros Unpatched Vulnerability : CVE-2023-52923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No s...

MAL-2025-191704 Malicious code in computestpspeedcomp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 32f4586fefb791454cfa5a7bebbdd0372f4660b05989bfcd74a6f5aad48cb565 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

ALSA-2024:9181 Moderate: jose security update

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption NBDE in AlmaLinux. Security Fixes: jose: resource exhaustion CVE-2024-28176 jose: Denia...

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +131 more potentially affected by CVE-2024-37568 via authlib (>=0.10.0 <=1.3.0)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0, =0.0.1, =0.1.0, =1.0.3, =2.0.0, =0.0.59, =0.5.0, =1.6.1, =4.2.0.43, =0.1.0, =0.3.0 and more Source cves: CVE-2024-37568 Source advisory: OSV:GHSA-5357-C2JX-V7QH...

SUSE-SU-2023:4496-1 Security update for libreoffice

This update for fixes the following issues: libreoffice was updated rom 7.5.4.1 to 7.6.2.1 jscPED-6799, jscPED-6800: - For the highlights of changes of version 7.6 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.6 - You can check for each minor releas...

CVE-2023-40030

Summary (CVE-2023-40030): Cargo could include unescaped Cargo feature names in the timings report, enabling potential cross-site scripting if the report is uploaded to a site that uses credentials. This affects builds using dependencies from git/local paths/alternative registries; crates.io-only ...

Kubeclarity - Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems

KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective...

[SECURITY] Fedora 35 Update: libsolv-0.7.21-1.fc35

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: - Using a dictionary approach to store and retrieve package and dependency information. - Using satisfiability, a well known and researched topic, for resolving package...

CVE-2021-23567

CVE-2021-23567 affects the colors.js package (colors) after version 1.4.0 due to an infinite loop in the americanFlag module, enabling a Denial of Service condition. Multiple sources (NVD, OSV, GHSA) describe the vulnerable code path and attribute it to a deliberate change by a maintainer. IBM bu...

CVE-2021-3840

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...

CVE-2021-3840

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...