120 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview @posthog/plugin-server is a PostHog Plugin Server Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malwa...
Race Condition
Argo CD is vulnerable to a race condition. The vulnerability is due to a flaw in the repository credentials handler that triggers a server panic during concurrent operations on the same repository URL, which allows an attacker to crash the Argo CD server...
VulnCheck KEV: CVE-2025-55190
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...
BIT-ARGO-CD-2025-55191 Repository Credentials Race Condition Crashes Argo CD Server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0, 3.1.0 through 3.1.7, and 3.0.0 through 3.0.18 contain a race condition in the repository credentials handler that can cause the Argo CD server to panic and crash when concurrent...
GO-2025-4024 Argo Workflow may expose artifact repository credentials in github.com/argoproj/argo-workflows
Argo Workflow may expose artifact repository credentials in github.com/argoproj/argo-workflows...
GO-2025-3994 Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd
Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd...
Argo Workflow may expose artifact repository credentials
Summary An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read workflow-controller logs and get credentials to the artifact repository. Details An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal...
GHSA-C2HV-4PFJ-MM2R Argo Workflow may expose artifact repository credentials
Summary An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read workflow-controller logs and get credentials to the artifact repository. Details An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal...
CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
EUVD-2011-3593
Malware in sbrugna...
EUVD-2012-0973
Malware in sbrugna...
Sensitive Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the project details API returning stored repository usernames and passwords in its response, and an attacker with a token scoped only for standard application management can call that endpoi...
EUVD-2025-31768
Malicious code in bioql PyPI...
EUVD-2025-26875
Malicious code in bioql PyPI...