32 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-27637
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The R programming language's default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability...
MAL-2025-11666 Malicious code in @zalastax/nolb-google-r (npm)
The package @zalastax/nolb-google-r was found to contain malicious code...
Malicious code in @zalastax/nolb-node-r (npm)
The package @zalastax/nolb-node-r was found to contain malicious code...
DEBIAN-CVE-2025-54956
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...
CVE-2025-54956
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...
CVE-2025-54956
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...
CVE-2025-54956
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...
CVE-2025-54956
CVE-2025-54956 affects the R package gh (pre-1.5.0). The vulnerability arises when an HTTP response is constructed to include the request’s Authorization header, potentially exposing credentials. Several connected advisories confirm the issue and provide mitigations: Debian LTS DLA-4378-1 notes a...
RSEC-2025-0 Arbitrary Code Execution (ACE) Vulnerability
A bug was identified in releases of the GH R package prior to version 1.5. This flaw could expose sensitive information, such as authentication tokens, through request headers during its operation if responses were cached to disk. We issued a Posit Security Advisory with the 1.5 release and...
PT-2025-31791
Name of the Vulnerable Software and Affected Versions: gh package versions prior to 1.5.0 Description: The gh package for R delivers an HTTP response that includes the Authorization header from the corresponding HTTP request. Recommendations: Update the gh package to version 1.5.0 or later...
AZL-53423 CVE-2024-52338 affecting package ceph for versions less than 18.2.2-2
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
PYSEC-2024-161
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
CVE-2024-52338
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
CVE-2024-52338
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
CVE-2024-52338 Apache Arrow R package: Arbitrary code execution when loading a malicious data file
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
CVE-2024-52338
CVE-2024-52338 affects the Apache Arrow R package (versions 4.0.0–16.1.0). Deserialization of untrusted IPC/Parquet data allows arbitrary code execution. Affected users reading Arrow IPC, Feather, or Parquet data from untrusted sources are vulnerable. Upgrade to 17.0.0 or later to fix the issue. ...
CVE-2024-52338 Apache Arrow R package: Arbitrary code execution when loading a malicious data file
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
PT-2024-9096
Name of the Vulnerable Software and Affected Versions: Apache Arrow R package versions 4.0.0 through 16.1.0 Description: The issue is related to the deserialization of untrusted data in IPC and Parquet readers, which allows arbitrary code execution. An application is vulnerable if it reads Arrow...
Fedora: Security Advisory for R (FEDORA-2024-bc590cb3f1)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-07b7b83a4f)
The remote host is missing an update for the...