95 matches found
EUVD-2025-27051
Malicious code in bioql PyPI...
EUVD-2025-27052
Malicious code in bioql PyPI...
EUVD-2025-19434
Malicious code in bioql PyPI...
EUVD-2025-27053
Malicious code in bioql PyPI...
EUVD-2025-19433
Malicious code in bioql PyPI...
EUVD-2025-22473
Malicious code in bioql PyPI...
CVE-2025-58374
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...
CVE-2025-58372
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files .code-workspace are not protected in the same way as the .vscode folder. If the agent was configured to auto-appro...
CVE-2025-58373
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to trick the extension into reading files th...
CVE-2025-58371
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
CVE-2025-58370
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...
CVE-2025-58374
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...
CVE-2025-58374 Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...
CVE-2025-58374 Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...
CVE-2025-58374
Summary (CVE-2025-58374): Roo Code versions 3.25.23 and earlier allow an auto-approved npm install that can execute a repository’s postinstall script, enabling arbitrary code execution. Root cause: npm install is in the default auto-approve list, so malicious postinstall scripts run without user ...
PT-2025-36345
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.25.23 and below Description: Roo Code is an AI-powered autonomous coding agent. Versions 3.25.23 and below include npm install in a default list of auto-approved commands. Because npm install executes lifecycle scripts, a...
Roo Code 操作系统命令注入漏洞
Roo Code is an AI-based autonomous coding agent from Roo Code. An operating system command injection vulnerability exists in Roo Code 3.25.23 and earlier versions, which stems from the npm install auto-execute script and could lead to arbitrary code execution...
CVE-2025-58371
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution RCE on the Actions runner...
CVE-2025-58370
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...
CVE-2025-58372
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files .code-workspace are not protected in the same way as the .vscode folder. If the agent was configured to auto-appro...