39 matches found
@paperclipai/server (>=2026.3.17-canary.2 <=2026.416.0-canary.1), companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +4 more potentially affected by unknown CVE via @paperclipai/db (>=2026.318.0-canary.0 <=2026.416.0-canary.1)
@paperclipai/db NPM version =2026.318.0-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAIDB-16421488...
parse-hipaa-dashboard (>=1.5.0 <=2.0.5) potentially affected by CVE-2026-27609 via parse-dashboard (>=7.3.0 <=8.5.0)
parse-dashboard NPM version =7.3.0, =1.5.0, =2.0.5 Source cves: CVE-2026-27609 Source advisory: OSV:GHSA-3534-XP88-25RC...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in pega-package-dependency (npm)
The package communicates with a domain associated with malicious activity.
MAL-2025-47858 Malicious code in pega-package-dependency (npm)
The package communicates with a domain associated with malicious activity.
Linux Distros Unpatched Vulnerability : CVE-2025-5648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function rconspalinit in the library /libr/cons/pal.c of the...
@toptal/picasso (>=52.0.0 <=54.1.4-alpha-CPS-2606-migrate-to-tailwind-4-fe1684b09.0), @toptal/picasso-forms (>=73.0.6 <=73.2.15-alpha-CPS-2606-migrate-to-tailwind-4-fe1684b09.0) potentially affected by unknown CVE via @toptal/picasso-switch (>=4.0.0 <=4.0.9)
@toptal/picasso-switch NPM version =4.0.0, =52.0.0, =73.0.6, =73.2.15-alpha-CPS-2606-migrate-to-tailwind-4-fe1684b09.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-6064...
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
Linux Distros Unpatched Vulnerability : CVE-2023-52923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No s...
Linux Distros Unpatched Vulnerability : CVE-2024-39476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/raid5: fix deadlock that raid5d wait for itself to clear MDSBCHANGEPENDING Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with small...
MAL-2025-191704 Malicious code in computestpspeedcomp (PyPI)
Source: kam193 32f4586fefb791454cfa5a7bebbdd0372f4660b05989bfcd74a6f5aad48cb565 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...
ALSA-2024:9181 Moderate: jose security update
Jose is a C-language implementation of the JavaScript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption (NBDE) in AlmaLinux. Security Fixes: jose: resource exhaustion (CVE-2024-28176); jose: Denia...
aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +131 more potentially affected by CVE-2024-37568 via authlib (>=0.10.0 <=1.3.0)
authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0, =0.0.1, =0.1.0, =1.0.3, =2.0.0, =0.0.59, =0.5.0, =1.6.1, =4.2.0.43, =0.1.0, =0.3.0 and more Source cves: CVE-2024-37568 Source advisory: OSV:GHSA-5357-C2JX-V7QH...
SUSE-SU-2023:4496-1 Security update for libreoffice
This update for fixes the following issues: libreoffice was updated from 7.5.4.1 to 7.6.2.1 jscPED-6799, jscPED-6800: - For the highlights of changes of version 7.6 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.6 - You can check for each minor releas...
CVE-2023-40030
Summary (CVE-2023-40030): Cargo could include unescaped Cargo feature names in the timings report, enabling potential cross-site scripting if the report is uploaded to a site that uses credentials. This affects builds using dependencies from git/local paths/alternative registries; crates.io-only ...
Kubeclarity - Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges: Effective...
[SECURITY] Fedora 35 Update: libsolv-0.7.21-1.fc35
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: - Using a dictionary approach to store and retrieve package and dependency information. - Using satisfiability, a well known and researched topic, for resolving package...
CVE-2021-23567
CVE-2021-23567 affects the colors.js package (colors) after version 1.4.0 due to an infinite loop in the americanFlag module, enabling a Denial of Service condition. Multiple sources (NVD, OSV, GHSA) describe the vulnerable code path and attribute it to a deliberate change by a maintainer. IBM bu...
CVE-2021-3840
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPI. MITRE classifies this weakness as...