29 matches found
GHSA-3RJW-M598-PQ24 vulnerabilities
Vulnerabilities for packages: komodo, apollo-router, deno, mountpoint-s3, yazi, pixi...
CVE-2026-50185 vulnerabilities
Vulnerabilities for packages: komodo, apollo-router, deno, mountpoint-s3, yazi, pixi...
mahoraga (>=0.5.1 <=0.6.0), pixi-browse (>=0.0.1 <=0.0.13) +2 more potentially affected by CVE-2026-47425 via py-rattler (>=0.22.0 <=0.23.2)
py-rattler PYPI version =0.22.0, =0.5.1, =0.0.1, =0.1.0, =0.8.0 Source cves: CVE-2026-47425 Source advisory: OSV:GHSA-Q53Q-5R4J-5729...
GHSA-Q53Q-5R4J-5729 rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Summary EntryPoint::FromStr in rattlercondatypes performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...
rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Summary EntryPoint::FromStr in rattlercondatypes performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...
CVE-2025-4574 vulnerabilities
Vulnerabilities for packages: nushell, oranda, cargo-c, wasmcloud, pixi, rust-analyzer, deno, cargo-audit, wadm, samply, yara-x, starship, yazi, oxipng, fd, zed, ruff, lychee...
CVE-2025-4574 vulnerabilities
Vulnerabilities for packages: wasmcloud, lychee, deno, rust-analyzer, cargo-c, yazi, pixi, cargo-audit, ztunnel, starship, samply, ztunnel-fips, wadm, zed, nushell, oranda, fd, ruff, yara-x, oxipng...
GHSA-J5GW-2VRG-8FGX vulnerabilities
Vulnerabilities for packages: pixi...
CVE-2025-62518 vulnerabilities
Vulnerabilities for packages: pixi...
GHSA-J5GW-2VRG-8FGX vulnerabilities
Vulnerabilities for packages: pixi...
CVE-2025-62518 vulnerabilities
Vulnerabilities for packages: pixi...
CVE-2025-55159 vulnerabilities
Vulnerabilities for packages: linkerd-extension-init, shadowsocks-rust, zola, pixi, linkerd2, linkerd2-proxy, uv, buck2, efs-utils, mdbook...
GHSA-QX2V-8332-M4FV vulnerabilities
Vulnerabilities for packages: linkerd-extension-init, shadowsocks-rust, zola, pixi, linkerd2, linkerd2-proxy, uv, buck2, efs-utils, mdbook...
CVE-2025-55159 vulnerabilities
Vulnerabilities for packages: buck2, linkerd-extension-init, zola, shadowsocks-rust, efs-utils, uv, mdbook, jujutsu, linkerd2-proxy, linkerd2, pixi...
GHSA-QX2V-8332-M4FV vulnerabilities
Vulnerabilities for packages: buck2, linkerd-extension-init, zola, shadowsocks-rust, efs-utils, uv, mdbook, jujutsu, linkerd2-proxy, linkerd2, pixi...
GHSA-4P46-PWFR-66X6 vulnerabilities
Vulnerabilities for packages: wasm-pack, wasmcloud, sqlx, linkerd2-proxy, xh, lychee, deno, fnm, atuin, wasmtime, pixi, buck2, shadowsocks-rust, uv, cargo-audit, ztunnel, rye, parseable, kdash, wash, samply, rustls-ffi, ztunnel-fips, rustup, ntpd-rs, linkerd-extension-init, wadm, zed, sccache,...
GHSA-QG5G-GV98-5FFH vulnerabilities
Vulnerabilities for packages: wadm, uv, cargo-audit, ztunnel, wasm-pack, wasmcloud, xh, tealdeer, zed, parseable, qdrant, fnm, wash, ntpd-rs, pixi...
GHSA-2326-PFPJ-VX3H vulnerabilities
Vulnerabilities for packages: nushell, parseable, pixi, deno, wash...
GHSA-VR26-JCQ5-FJJ8 vulnerabilities
Vulnerabilities for packages: uv, wasmcloud, qdrant, wash, pixi...
GHSA-Q445-7M23-QRMW vulnerabilities
Vulnerabilities for packages: berg, zed, sdp-k8s-injector, lychee, sccache, rustup, pixi...