MAL-2025-28999 Malicious code in pebble-9283b-ihxpi-obsidian-project (npm)

The package pebble-9283b-ihxpi-obsidian-project was found to contain malicious code...

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...