78 matches found
GHSA-34XG-WGJX-8XPH vulnerabilities
Vulnerabilities for packages: nextcloud-server...
GHSA-VMF3-W455-68VH vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, pulumi, prism, opensearch-dashboards, lerna, tileserver-gl-fips, npm, gitlab-rails-ce, opensearch-dashboards-fips, saf, tileserver-gl, wazuh-dashboard, code-server, wazuh-dashboard-fips, graalvm, actions-runner, homepage, kibana, renovate...
GHSA-H67P-54HQ-RP68 vulnerabilities
Vulnerabilities for packages: eslint, lerna, vitess, kubeflow-pipelines, code-server, airflow, saf, prism, tileserver-gl, opensearch-dashboards, pulumi, argo-workflows...
CLEANSTART-2026-EA12165 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25680, CVE-2026-25681, CVE-2026-26958, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-27145, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-34986, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-273p-m2cw-6833, ghsa-4c4x-jm2x-pf9j, ghsa-4qg8-fj49-pxjh, ghsa-846p-jg2w-w324, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-pmwq-pjrm-6p5r, ghsa-whqx-f9j3-ch6m, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.14.1-r0, 1.14.1-r1, 1.14.1-r2, 1.14.1-r3, 1.14.1-r4, 1.14.5-r0, 1.14.5-r1
Multiple security vulnerabilities affect the spire-server package. These issues are resolved in later releases. See references for individual vulnerability details...
vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-24769 via vantage6 (>=0.0.0 <=4.9.1)
vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-24769 Source advisory: OSV:GHSA-5549-C5Q7-FJ65...
budibase (>=0.0.3 <=0.0.31) potentially affected by CVE-2026-45717 via @budibase/server (>=0.0.1 <=0.0.9)
@budibase/server NPM version =0.0.1, =0.0.3, =0.0.31 Source cves: CVE-2026-45717 Source advisory: OSV:GHSA-44M2-CRH7-F4Q2...
@paperclipai/server (>=2026.3.17-canary.2 <=2026.416.0-canary.1), companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +4 more potentially affected by unknown CVE via @paperclipai/db (>=2026.318.0-canary.0 <=2026.416.0-canary.1)
@paperclipai/db NPM version =2026.318.0-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAIDB-16421488...
GHSA-5RQ4-664W-9X2C vulnerabilities
Vulnerabilities for packages: code-server, langfuse, opensearch-dashboards...
CLEANSTART-2026-AU31441 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the metrics-server-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
GHSA-3F26-J6R7-9Q8V vulnerabilities
Vulnerabilities for packages: xorg-server...
GHSA-6RW7-VPXM-498P vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, argo-workflows, thingsboard, kubeflow-centraldashboard, langfuse, opensearch-dashboards, json-server, librechat, tileserver-gl-fips, gitlab-rails-ce, opensearch-dashboards-fips, langfuse-fips, saf, tileserver-gl, arangodb, code-server,...
@nocobase/devtools (>=2.0.0-alpha.2 <=2.0.0-alpha.51), @nocobase/server (>=2.0.0-alpha.2 <=2.0.0-alpha.51) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=2.0.0-alpha.2 <=2.0.0-alpha.51)
@nocobase/auth NPM version =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.51 Source cves: CVE-2025-13877 Source advisory: SNYK:JS-NOCOBASEAUTH-14287473...
EUVD-2025-124231
Malicious code in npm-server-mui-pm2 npm...
EUVD-2025-35680
Malicious code in demo-mercadopago-mcp-server npm...
EUVD-2020-0650
Malware in sbrugna...
MAL-2025-42116 Malicious code in wealthsimple-mcp-server (npm)
The package wealthsimple-mcp-server was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 7cd49239ea1d9566f39581393c8553ea1a1733f9ddb3a6dfc09ef5ad0c507122 This package installs a dependency hosted on a custom domain that...
MAL-2025-39296 Malicious code in win-server (npm)
The package win-server was found to contain malicious code...
openSUSE Security Advisory (SUSE-SU-2025:02564-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-774aa2765e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-4230-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...