Malicious Package

Overview reactive-cdk-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in reactive-cdk-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d7572f96294e867b18a0448ac0e70af3d08769749aa73388b38d88492559e4 package.json declares preinstall: node index.js, so installation automatically executes index.js. The script reads /etc/passwd via fs.readFileSync,...

MAL-2026-4254 Malicious code in reactive-cdk-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d7572f96294e867b18a0448ac0e70af3d08769749aa73388b38d88492559e4 package.json declares preinstall: node index.js, so installation automatically executes index.js. The script reads /etc/passwd via fs.readFileSync,...

From Preventive to Reactive: How AI Coding Assistants Transform Developers' Security Awareness

AI coding assistants are now central to professional software development, yet their impact on how developers think about and practice security remains poorly understood. While prior work has documented vulnerability rates in AI-generated code, a more fundamental question persists: how do these...

GHSA-RC95-PCM8-65V9 Quarkus has Authentication/Authorization bypasses

Quarkus version 3.32.4 is vulnerable to an authorization bypass issue GHSL-2026-099, in which semicolons matrix parameters in HTTP requests can be used to bypass security constraints, potentially allowing unauthorized access to protected resources. Unauthenticated or lower-privileged users can...

CVE-2026-22748 Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

OpenClaw has an unspecified vulnerability (CNVD-2026-16696)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause non-whitelisted guild members to trigger reactive events and inject reactive text into downstream session environments...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause non-whitelisted guild members to trigger reactive events and inject reactive text into downstream session environments...

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +679 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-starter-actuator (>=4.0.0-M1 <=4.0.3)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.2.1 and more Source cves: CVE-2026-22731 Source advisory: OSV:GHSA-8HFC-FQ58-R658...

UBUNTU-CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

The Agile FedRAMP Playbook, Part 1: Why Risk is Your Best Starting Point

Compliance shouldn't mean a standstill for innovation. The first of our four-part series explores how Wiz quickly reached FedRAMP High through a "risk-first" philosophy. In parts 2-4 we’ll explore how Wiz helps with FedRAMP requirements through proactive, preventative, and reactive risk managemen...

Denial Of Service (DoS)

org.hibernate.reactive, hibernate-reactive-core is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of prematurely closed HTTP connections during database operations, which allows an attacker to exhaust the database connection pool by forcing connection leaks...

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by Netty CRLF injection vulnerability, SCRAM authentication vulnerability, Hibernate Reactive database connection leak vulnerability and Quarkus REST worker thread exhaustion vulnerability. Vulnerability Details CVEID:CVE-2025-14969 DESCRIPTION:...

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.2 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

hibernate-reactive-core: Hibernate Reactive: Denial of Service due to connection leak on HTTP client disconnect

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

io.quarkus:quarkus-hibernate-reactive (>=3.34.6 <=3.34.7), io.quarkus:quarkus-hibernate-reactive-deployment (>=3.34.6 <=3.34.7) +11 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (=3.2.11.Final)

org.hibernate.reactive:hibernate-reactive-core MAVEN version =3.2.11.Final is affected by a known vulnerability. The following packages have a transitive dependency on org.hibernate.reactive:hibernate-reactive-core and may be impacted: - io.quarkus:quarkus-hibernate-reactive =3.34.6, =3.34.6,...

ai.pipestream:connector-admin-service (=0.1.18), ai.pipestream:pipestream-engine (=0.0.6) +22 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (>=3.0.0.Final <=3.1.10.Final)

org.hibernate.reactive:hibernate-reactive-core MAVEN version =3.0.0.Final, =0.1.21, =3.2.2.Final, =3.2.2.Final, =3.2.2.Final, =3.24.0, =3.24.0, =3.24.0, =3.24.0, =3.24.0, =3.24.0, =3.30.8 and more Source cves: CVE-2025-14969 Source advisory: SNYK:JAVA-ORGHIBERNATERE...

GHSA-FRPP-8PWQ-HJRX Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

ai.pipestream:connector-admin-service (=0.1.18), ai.pipestream:pipestream-engine (=0.0.6) +39 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (>=1.0.0.Alpha10 <=4.1.6.Final)

org.hibernate.reactive:hibernate-reactive-core MAVEN version =1.0.0.Alpha10, =0.1.7, =0.0.10, =0.0.1, =1.0.0, =2.0.0, =0.4.3, =0.4.3, =0.0.1, =2.2.0.Alpha2, =3.6.0.Alpha1 and more Source cves: CVE-2025-14969 Source advisory: OSV:GHSA-FRPP-8PWQ-HJRX...