51 matches found
CVE-2026-46699
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...
CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...
CVE-2026-46699
CVE-2026-46699 affects the conda-smithy tool. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories due to using mutable GitHub usernames as identifiers for repository invitation routing, instead of stable GitHu...
PT-2026-50794
Name of the Vulnerable Software and Affected Versions conda-smithy versions prior to 3.61.0 Description conda-smithy is a tool that combines a conda recipe with configurations to build using freely hosted CI services into a single repository. A flaw in the conda-forge automated webservices allows...
Astra Linux - уязвимость в pygments
A ReDoS issue was discovered in the pygments/lexers/smithy.py file within pygments, as of version 2.15.0, due to the use of SmithyLexer...
@0xflick/jest-dynamodb (=4.0.1-pre.2), @42technologies/secretstore-aws (>=1.0.1 <=1.0.2) +1495 more potentially affected by unknown CVE via @smithy/config-resolver (>=1.1.0 <=3.0.13)
@smithy/config-resolver NPM version =1.1.0, =1.0.1, =1.0.0, =1.0.1, =0.3.2, =0.3.2, =0.0.1, =0.10.2, =0.1.0, =0.5.0, =2.1.25, =2.3.0, =9.1.6, =2.2.2, =3.1.21 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6475-R3VJ-M8VF...
AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
PT-2026-3409
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
EUVD-2025-18564
Malicious code in bioql PyPI...
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
...
CVE-2025-49824
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49843
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-49843
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-49824
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49824
CVE-2025-49824 affects the conda-smithy tool. Before 3.47.1, the travis_encrypt_binstar_token RSA signing code uses an outdated padding scheme, making it vulnerable to an Oracle Padding Attack. An attacker with oracle access can submit modified ciphertexts and, through response analysis, infer th...
CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...