apache-gravitino (>=1.2.0 <=1.2.1rc2), cloudquery-plugin-sdk (=0.1.52) +12 more potentially affected by CVE-2026-32274 via black (>=26.1.0 <=26.3.0)

black PYPI version =26.1.0, =1.2.0, =0.4.0, =2.189.0, =0.12.0, =0.7.4, =0.8.0, =0.1.8, =2.54.8, =0.17.1, =1.2.1, =0.1.2, =0.1.0, =0.1.5 Source cves: CVE-2026-32274 Source advisory: SNYK:PYTHON-BLACK-15518063...

Credentials Exposure

github.com/grafana/grafana-plugin-sdk-go is vulnerable to Credentials Exposure. The vulnerability is due to the inclusion of the full repository URI, including credentials, in the metadata bundled within the compiled binaries during the build process, which allows an attacker to gain unauthorized...

CVE-2024-8986

A flaw was found in grafana-plugin-sdk-go package. The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository UR...

CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVE-2024-8986

CVE-2024-8986 is tied to Grafana’s grafana-plugin-sdk-go which embeds build metadata in binaries, including the repository URL obtained via git remote get-url origin. If credentials are present in that URL, the final binary may contain the full URI with credentials, creating a risk of credential ...

Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin . If credentials are included in the repository URI for instance, to allow for fetching of private...

PT-2024-6336 · Grafana · Grafana Plugin Sdk

Name of the Vulnerable Software and Affected Versions: Grafana Plugin SDK versions prior to 0.250.0 Description: The issue is related to the Grafana Plugin SDK bundling build metadata into the binaries it compiles, which includes the repository URI for the plugin being built. If credentials are...

antimatter (=0.1.3), arcaflow-plugin-sdk (=0.13.0) +3 more potentially affected by CVE-2024-26134 via cbor2 (>=5.5.1 <=5.6.1)

cbor2 PYPI version =5.5.1, =0.1.0, =1.20.0, =0.0.2, =0.0.6 Source cves: CVE-2024-26134 Source advisory: OSV:GHSA-375G-39JQ-VQ7M...

antimatter (=0.1.3), arcaflow-plugin-sdk (=0.13.0) +3 more potentially affected by CVE-2024-26134 via cbor2 (>=5.5.1 <=5.6.1)

cbor2 PYPI version =5.5.1, =0.1.0, =1.20.0, =0.0.2, =0.0.6 Source cves: CVE-2024-26134 Source advisory: OSV:PYSEC-2024-155...

CVE-2022-32576

Uncontrolled search path in the IntelR UniteR Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

Privilege escalation

Uncontrolled search path in the IntelR UniteR Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2022-32576

CVE-2022-32576 is an issue in the Intel® Unite® Plugin SDK prior to 4.2. The root cause is an uncontrolled search path, which may allow an authenticated user to escalate privileges via local access. Affected product: Intel® Unite® Plugin SDK before 4.2. As remediation, Intel recommends updating t...

Intel® Unite® Plugin SDK Advisory

Summary: A potential security vulnerability in the Intel® Unite® Plugin Software Development Kit SDK may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-32576 Description: Uncontrolled search path ...

Malicious code in courier-plugin-sdk-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 014002d316a160561d5ca8a30a271023a3de0d8d96de4c938aa0da0a1bdac3b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2216 Malicious code in courier-plugin-sdk-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 014002d316a160561d5ca8a30a271023a3de0d8d96de4c938aa0da0a1bdac3b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...