MAL-2025-5473 Malicious code in vuepress-plugin-gitlabment (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-4373 Malicious code in mbm-dgacha (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 584950211093c6cada6fd340d94a5749b3ee5e10049a6d57b9d3f1c494050fa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OPENSUSE-SU-2025:14867-1 amazon-ssm-agent-3.3.1957.0-2.1 on GA media

These are all security issues fixed in the amazon-ssm-agent-3.3.1957.0-2.1 package on the GA media of openSUSE Tumbleweed...

MAL-2025-1694 Malicious code in @mp-food/knapsack (npm)

--- -= Per source details. Do not edit below this line.=-...

GHSA-4P7M-GV97-7RQ5 vulnerabilities

Vulnerabilities for packages: openjdk-26-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-21-openj9...

GHSA-7VX4-68W6-MM4P vulnerabilities

Vulnerabilities for packages: openjdk-26-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-21-openj9...

openSUSE Security Advisory (SUSE-SU-2024:0893-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MAL-2024-12054 Malicious code in uid-2-test-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f2900f53327b861bd4050d2e38c0e867e8ace72a97f5525cb74f56a7af8373e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MGASA-2024-0358 Updated mpg123 packages fix security vulnerability

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution may not be dismissed. The complexity required to exploit this fla...

CVE-2024-45614 vulnerabilities

Vulnerabilities for packages: ruby3.2-puma, gitlab-cng...

MAL-2024-11603 Malicious code in haaahhaha (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8c6599371614e7710276d1475abae424b77a913aed8885e7191b0db82d96e40 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

MAL-2025-6600 Malicious code in testpysecure (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a202500c9717ad118db7ef8eb8d4c1de85c1afdbb442748e18010d4cf6222d5b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

GHSA-H95X-26F3-88HR vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

OPENSUSE-SU-2024:13686-1 python310-FontTools-4.47.2-2.1 on GA media

These are all security issues fixed in the python310-FontTools-4.47.2-2.1 package on the GA media of openSUSE Tumbleweed...

BELL-CVE-2021-3735

Bulletin has no description...

MAL-2022-654 Malicious code in @tinkoff-react-bui/highlighter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f35ba0953c3d1b55af3ac66481e856e15f84300b58641282f67339e9fa1bbb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...