27 matches found
mahoraga (>=0.1.0 <=0.6.0), pixi-browse (>=0.0.1 <=0.0.13) +8 more potentially affected by CVE-2026-47425 via py-rattler (>=0.22.0 <=0.23.2)
py-rattler PYPI version =0.22.0, =0.1.0, =0.0.1, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.3, =0.3.0 - xarray-minimum-dependency-policy =2.0.0 Source cves: CVE-2026-47425 Source advisory: OSV:GHSA-Q53Q-5R4J-5729...
rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Summary: EntryPoint::FromStr in rattler_conda_types performs only .trim() on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...
GHSA-Q53Q-5R4J-5729 rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Summary: EntryPoint::FromStr in rattler_conda_types performs only .trim() on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...
CVE-2025-4574 vulnerabilities
Vulnerabilities for packages: ruff, yara-x, oxipng, cargo-audit, cargo-c, deno, pixi, rust-analyzer, fd, samply, nushell, yazi, wadm, oranda, starship, zed, wasmcloud, lychee...
CVE-2025-4574 vulnerabilities
Vulnerabilities for packages: wadm, starship, pixi, oxipng, wasmcloud, deno, ztunnel, fd, zed, lychee, yara-x, samply, ztunnel-fips, oranda, cargo-audit, ruff, yazi, rust-analyzer, nushell, cargo-c...
CVE-2025-62518 vulnerabilities
Vulnerabilities for packages: pixi...
GHSA-J5GW-2VRG-8FGX vulnerabilities
Vulnerabilities for packages: pixi...
CVE-2025-55159 vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, linkerd-extension-init, pixi, mdbook, uv, buck2, linkerd2, zola, efs-utils, shadowsocks-rust...
GHSA-QX2V-8332-M4FV vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, linkerd-extension-init, pixi, mdbook, uv, buck2, linkerd2, zola, efs-utils, shadowsocks-rust...
CVE-2025-55159 vulnerabilities
Vulnerabilities for packages: uv, mdbook, efs-utils, buck2, linkerd2, shadowsocks-rust, pixi, linkerd-extension-init, zola, linkerd2-proxy, jujutsu...
GHSA-QX2V-8332-M4FV vulnerabilities
Vulnerabilities for packages: uv, mdbook, efs-utils, buck2, linkerd2, shadowsocks-rust, pixi, linkerd-extension-init, zola, linkerd2-proxy, jujutsu...
GHSA-4P46-PWFR-66X6 vulnerabilities
Vulnerabilities for packages: wadm, parseable, pixi, linkerd-extension-init, fnm, rustls-ffi, sqlx, wash, xh, buck2, rustup, ntpd-rs, tealdeer, wasmcloud, linkerd2-proxy, rye, deno, ztunnel, kdash, zed, lychee, wasm-pack, sccache, samply, shadowsocks-rust, atuin, ztunnel-fips, oranda, cargo-audit...
GHSA-QG5G-GV98-5FFH vulnerabilities
Vulnerabilities for packages: uv, zed, wadm, wash, wasm-pack, xh, ntpd-rs, parseable, pixi, qdrant, tealdeer, wasmcloud, ztunnel, fnm, cargo-audit...
GHSA-2326-PFPJ-VX3H vulnerabilities
Vulnerabilities for packages: pixi, deno, parseable, nushell, wash...
GHSA-VR26-JCQ5-FJJ8 vulnerabilities
Vulnerabilities for packages: uv, wash, pixi, qdrant, wasmcloud...
GHSA-Q445-7M23-QRMW vulnerabilities
Vulnerabilities for packages: zed, lychee, rustup, sccache, pixi, berg, sdp-k8s-injector...
Malicious code in react-pixi-racing-game (npm)
Source: ghsa-malware 76e55c2191d81dcbf4dca7084541df10960efd30dadd5a555b1eb71379bbe7f3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5667 Malicious code in react-pixi-racing-game (npm)
Source: ghsa-malware 76e55c2191d81dcbf4dca7084541df10960efd30dadd5a555b1eb71379bbe7f3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...