Lucene search
K

5 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/21 7:2 p.m.4 views

Malicious code in package-level-3 (npm)

The package communicates with a domain associated with malicious activity...

7AI score
Exploits0
OSV
OSV
added 2025/08/21 7:2 p.m.2 views

MAL-2025-41399 Malicious code in package-level-3 (npm)

The package communicates with a domain associated with malicious activity...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/16 12:0 a.m.5 views

GoLeash: Mitigating Golang Software Supply Chain Attacks with Runtime Policy Enforcement

Modern software supply chain attacks consist of introducing new, malicious capabilities into trusted third-party software components, in order to propagate to a victim through a package dependency chain. These attacks are especially concerning for the Go language ecosystem, which is extensively...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/11/30 2:4 a.m.4 views

SUSE CVE-2023-45286

A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...

5.9CVSS9.2AI score0.00728EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2023/11/28 4:31 p.m.33 views

CVE-2023-45286

A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...

5.9CVSS5.4AI score0.00728EPSS
Exploits1
Rows per page
Query Builder