Malicious code in uidai_reusable_components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5875a720dc1cfc6e30a67b003fc43975fbef2e11352e715e19e55e54dd84ae67 On npm install, the preinstall lifecycle script in package.json executes an inline Node one-liner that collects the installer's hostname, OS username...

MAL-2026-5612 Malicious code in gpt-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c On npm install, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of...

CVE-2026-45662

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

EUVD-2026-33349

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.0 contained a vulnerability related to operating system command injection. This vulnerability arose because the deleteRegistry function executed the docker logout command without proper shell escapin...

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

[SECURITY] Fedora 36 Update: golang-github-appc-docker2aci-0.17.2-10.fc36

Docker2aci is a small library and CLI binary that converts Docker images to A CI. It takes as input either a file generated by "docker save" or a Docker regist ry URL. It gets all the layers of a Docker image and squashes them into an ACI image. Optionally, it can generate one ACI for each layer,...

[SECURITY] Fedora 36 Update: golang-github-appc-docker2aci-0.17.2-8.fc36

Docker2aci is a small library and CLI binary that converts Docker images to A CI. It takes as input either a file generated by "docker save" or a Docker regist ry URL. It gets all the layers of a Docker image and squashes them into an ACI image. Optionally, it can generate one ACI for each layer,...