
66 matches found

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-19437

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9 | EPSS 0.01338
Exploits 1 | References 2

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-7596

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00785
Exploits 0 | References 7

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-44891

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00352
Exploits 1 | References 4

Chainguard
added 2025/08/23 2:16 p.m., 2 views

GHSA-G272-MW8V-RCQJ vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-25-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-21-openj9...

AI score 5.2
Exploits 0

OSV
added 2025/07/30 7:59 p.m., 4 views

CVE-2025-54583 GitProxy bypasses approvals when pushing multiple branches

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...

CVSS 8.3 | AI score 6.8 | EPSS 0.00417
Exploits 1 | References 6

AlpineLinux
added 2025/07/22 9:34 p.m., 8 views

CVE-2025-54072

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

CVSS 8.1 | AI score 8.2 | EPSS 0.00538
Exploits 0

Circl
added 2025/07/16 4:24 a.m., 6 views

GHSA-P53J-G8PW-4W5F

creationtimestamp | type | source
---|---|---
2025-07-16 04:24:10+00:00 | seen | https://gist.github.com/safer-bot/930216c8ddbe20a630c79f2785e35eec
2025-07-16 09:49:54+00:00 | seen | https://gist.github.com/safer-bot/57636fb56c908ea716ca50f36824e43c
2025-07-16 16:29:07+00:00 | seen | ...

AI score 7.3
Exploits 0 | References 4

CVE
added 2025/07/04 12:00 a.m., 21 views

CVE-2025-43711

Tunnelblick 3.5beta06 before 7.0 is vulnerable to arbitrary code execution as root on the next boot when a crafted Tunnelblick.app is dragged into /Applications, due to incomplete uninstallation. Affected: Tunnelblick versions 3.5beta06–7.0 (per conflicting sources). Remediation: upgrade to a new...

CVSS 8.1 | AI score 7.4 | EPSS 0.00153
Exploits 0 | References 2

OSV
added 2025/06/19 7:55 p.m., 13 views

GHSA-24WV-6C99-F843 Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

Impact Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code, without being authenticated. With the ability to execute arbitrary code, this vulnerability can be exploited in an infinite number of ways. It could be used t...

CVSS 10 | AI score 7.7 | EPSS 0.13105
Exploits 28 | References 5

RedhatCVE
added 2025/05/23 4:24 a.m., 3 views

CVE-2023-43661

Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...

CVSS 9.1 | AI score 7.2 | EPSS 0.46904
Exploits 1

RedhatCVE
added 2025/05/23 4:04 a.m., 6 views

CVE-2023-37473

zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing callable strings ie system caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit...

CVSS 8.8 | AI score 6.7 | EPSS 0.00754
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:59 a.m., 5 views

CVE-2023-35839

A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...

CVSS 9.8 | AI score 7.8 | EPSS 0.00983
Exploits 1

RedhatCVE
added 2025/05/23 1:43 a.m., 6 views

CVE-2023-43364

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...

CVSS 9.8 | AI score 7 | EPSS 0.02565
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 7:50 p.m., 4 views

CVE-2021-34182

An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions...

CVSS 9.8 | AI score 7.7 | EPSS 0.00872
Exploits 1

RedhatCVE
added 2025/05/22 7:35 p.m., 4 views

CVE-2021-29369

The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands...

CVSS 9.8 | AI score 7.4 | EPSS 0.01776
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:54 p.m., 7 views

CVE-2020-9580

Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 9.8 | AI score 7.3 | EPSS 0.05038
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 3:31 a.m., 6 views

CVE-2013-0685

Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service resource consumption via unknown vectors...

CVSS 9.3 | AI score 8.2 | EPSS 0.03287
Exploits 0 | References 1

RedhatCVE
added 2025/05/15 5:14 p.m., 10 views

CVE-2025-30379

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 7.6 | EPSS 0.00467
Exploits 0 | References 3

CVE
added 2025/04/08 5:23 p.m., 105 views

CVE-2025-29823

The CVE-2025-29823 entry describes a use-after-free vulnerability in Microsoft Excel (part of Microsoft Office) that enables local arbitrary code execution. The initial description states an unauthorized attacker could execute code locally due to the flaw. Connected documents corroborate exposure...

CVSS 7.8 | AI score 7.8 | EPSS 0.00606
Exploits 0 | References 1 | Affected Software 1

Circl
added 2025/02/25 7:44 p.m., 3 views

GHSA-W32M-9786-JP63

creationtimestamp | type | source
---|---|---
2025-02-25 19:44:55+00:00 | seen | https://gist.github.com/ruokun-niu/25de36e2d9507c94536ff4058d807551
...

AI score 7.2
Exploits 0 | References 1