10 matches found
GHSA-M4X9-HX6X-2C43 Spring Boot's random value property source uses a weak PRNG unsuitable for secrets
Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15...
CVE-2026-40975
CVE-2026-40975 describes use of a cryptographically weak PRNG for Spring Boot’s random value property source (e.g., ${random.value}, ${random.int}, ${random.long}) used for secrets. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (...
MAL-2025-190753 Malicious code in @posthog/siphash (npm)
Source: amazon-inspector 06113daabd3bc99b8cdcc1c4641266cebd61a5f0f10df264b2f37c955a121c20 The package @posthog/siphash was found to contain malicious code. Source: ghsa-malware ed632d6b4db6b2f74973167d160350198cd9130da004e958f2f1d51d217e9c...
Linux Distros Unpatched Vulnerability : CVE-2024-0690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still...
Linux Distros Unpatched Vulnerability : CVE-2022-1706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only...
MAL-2024-510 Malicious code in wlwz-2312-3707 (npm)
Source: ghsa-malware de9f3d518e79865c5f64d8236b36c9c26d994d2ece8449a40bc967e65071d3b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-762 Malicious code in schema2x (npm)
Source: ghsa-malware 1cb19fe5d19843c87b53b0b52539cc74f919d82a31151b81159b41bd40b1467a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5177 Malicious code in package-ion (npm)
Source: ghsa-malware 5b8ac63d905d68836f3d344e37ff19f950a3ddca0da0d9bd4a857cede197c5d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ignition: configs are accessible from unprivileged containers in VMs running on VMware products
A vulnerability was found in Ignition, where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets...
MAL-2022-2858 Malicious code in etg (npm)
Source: ghsa-malware ae35f28939329e9291fab263150b01bd4b454f3b1093b70973d2ac8d7ff20b69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...