26 matches found
GHSA-Q53Q-5R4J-5729 rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Summary: EntryPoint::FromStr in rattler_conda_types performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an...
rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Summary: EntryPoint::FromStr in rattler_conda_types performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an...
CVE-2025-4574 vulnerabilities
Vulnerabilities for packages: lychee, nushell, ruff, samply, starship, yara-x, zed, rust-analyzer, deno, yazi, fd, wasmcloud, oxipng, oranda, pixi, wadm, cargo-c, cargo-audit...
CVE-2025-4574 vulnerabilities
Vulnerabilities for packages: yazi, lychee, yara-x, nushell, samply, pixi, deno, rust-analyzer, cargo-audit, starship, fd, ruff, cargo-c, oranda, oxipng, ztunnel-fips, wadm, wasmcloud, zed, ztunnel...
GHSA-J5GW-2VRG-8FGX vulnerabilities
Vulnerabilities for packages: pixi...
CVE-2025-62518 vulnerabilities
Vulnerabilities for packages: pixi...
GHSA-J5GW-2VRG-8FGX vulnerabilities
Vulnerabilities for packages: pixi...
CVE-2025-62518 vulnerabilities
Vulnerabilities for packages: pixi...
CVE-2025-55159 vulnerabilities
Vulnerabilities for packages: zola, shadowsocks-rust, linkerd2-proxy, mdbook, efs-utils, linkerd2, buck2, pixi, linkerd-extension-init, uv...
GHSA-QX2V-8332-M4FV vulnerabilities
Vulnerabilities for packages: zola, shadowsocks-rust, linkerd2-proxy, mdbook, efs-utils, linkerd2, buck2, pixi, linkerd-extension-init, uv...
CVE-2025-55159 vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, zola, shadowsocks-rust, pixi, linkerd-extension-init, efs-utils, jujutsu, mdbook, uv, linkerd2, buck2...
GHSA-QX2V-8332-M4FV vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, zola, shadowsocks-rust, pixi, linkerd-extension-init, efs-utils, jujutsu, mdbook, uv, linkerd2, buck2...
GHSA-4P46-PWFR-66X6 vulnerabilities
Vulnerabilities for packages: fnm, lychee, ntpd-rs, rustup, tealdeer, nushell, samply, pixi, xh, deno, wasm-pack, wasmtime, rustls-ffi, cargo-audit, zola, sqlx, kdash, linkerd-extension-init, sccache, qdrant, rye, oranda, wash, buck2, linkerd2-proxy, ztunnel-fips, shadowsocks-rust, wadm, atuin,...
GHSA-QG5G-GV98-5FFH vulnerabilities
Vulnerabilities for packages: tealdeer, wadm, pixi, cargo-audit, xh, qdrant, wasmcloud, fnm, parseable, wasm-pack, zed, wash, uv, ztunnel, ntpd-rs...
GHSA-2326-PFPJ-VX3H vulnerabilities
Vulnerabilities for packages: nushell, parseable, deno, pixi, wash...
GHSA-VR26-JCQ5-FJJ8 vulnerabilities
Vulnerabilities for packages: pixi, qdrant, wasmcloud, wash, uv...
GHSA-Q445-7M23-QRMW vulnerabilities
Vulnerabilities for packages: sdp-k8s-injector, rustup, berg, pixi, sccache, zed, lychee...
Malicious code in react-pixi-racing-game (npm)
Source: ghsa-malware 76e55c2191d81dcbf4dca7084541df10960efd30dadd5a555b1eb71379bbe7f3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5667 Malicious code in react-pixi-racing-game (npm)
Source: ghsa-malware 76e55c2191d81dcbf4dca7084541df10960efd30dadd5a555b1eb71379bbe7f3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Pixi Ein Tag voller Abenteuer - Base64 encoded String, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Pixi Ein Tag voller Abenteuer published at the 'play' market has multiple vulnerabilities...