Fleet security vulnerability
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. There is a security vulnerability in Fleet, which stems...
ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code
AI-assisted software generation has increased development speed, but it has also amplified a persistent engineering problem: systems that are functionally correct may still be structurally insecure. In practice, prompt-based security review with large language models often suffers from uneven...
EUVD-2022-34451
Malicious code in bioql PyPI...
EUVD-2025-23561
Malicious code in bioql PyPI...
Malicious code in phpenum (npm)
The package phpenum was found to contain malicious code...
MAL-2025-6624 Malicious code in zipf (PyPI)
GO-2025-3782 Incus creates nftables rules that partially bypass security options in github.com/lxc/incus
Incus creates nftables rules that partially bypass security options in github.com/lxc/incus...
GO-2025-3719 Traefik allows path traversal using url encoding in github.com/traefik/traefik
Traefik allows path traversal using url encoding in github.com/traefik/traefik...
GO-2025-3664 Linkerd resource exhaustion vulnerability in github.com/linkerd/linkerd2
Linkerd resource exhaustion vulnerability in github.com/linkerd/linkerd2...
MAL-2025-5133 Malicious code in sol-prices (PyPI)
Source: kam193 3d95d5a12e7c7a9753ed8a1612ade65f2e5775940dec3eadaefb47ec670bfc1d Code exfiltrates the current Python code and/or IPython shell history --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
GO-2025-3468 Authelia applies regulation separately to Username-based logins to Email-based logins in github.com/authelia/authelia
Authelia applies regulation separately to Username-based logins to Email-based logins in github.com/authelia/authelia...
Malicious code in metamask-sdk-monorepo (npm)
Source: ghsa-malware 563827ad840866efcd9358d913c0a4e28044e336ac6d4ebc9a33c631afd70ed4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11466 Malicious code in tatatata (npm)
GO-2022-0302 SQL injection in github.com/navidrome/navidrome
SQL injection in github.com/navidrome/navidrome...
GO-2022-0972 Panic in github.com/shamaton/msgpack/v2
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks...
Malicious NPM Package Caught Mimicking Material Tailwind CSS Package
A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its...
rtxteam/rtx SQL injection vulnerability
rtxteam/rtx is a software repository. A SQL injection vulnerability exists in the GitHub repository rtxteam/rtx in versions prior to checkpoint2022-04-20, which stems from an SQL injection in the ARAX-UI synonym lookup function. An attacker could exploit this vulnerability to cause remote code...
Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices
Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. Th...
RubyGems Packages Laced with Bitcoin-Stealing Malware
RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages offline after they were found to be laced with malware. RubyGems provides a standard format for distributing Ruby programs and libraries in the service of building...
Parrot Security 3.9 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy with anonymity and crypto tools...