319 matches found
CVE-2025-12207
creationtimestamp | type | source
---|---|---
2025-10-27 19:03:44+00:00 | seen | https://seclists.org/oss-sec/2025/q4/79
2025-11-04 17:03:45+00:00 | seen | https://seclists.org/oss-sec/2025/q4/132...
CVE-2025-61795
creationtimestamp | type | source
---|---|---
2025-10-27 18:13:45+00:00 | seen | https://seclists.org/oss-sec/2025/q4/77
2025-10-27 19:02:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4747uh2g32p
2025-10-27 19:33:15+00:00 | seen | ...
CVE-2025-12198
Last updated 29 October 2025
Notes
mdeslaur: This issue requires replacing the root-owned configuration file. See https://www.openwall.com/lists/oss-security/2025/10/27/1 This CVE is likely to be rejected. Marking as deferred for now...
Malicious code in doppler-secrets-fetch-github-action (npm)
Source: ghsa-malware 15ae1d785262a986eb630a24e7abcd16bd4c799262e11059e5911a40f184ee5c
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-58148
creationtimestamp | type | source
---|---|---
2025-10-21 10:02:37+00:00 | seen | https://seclists.org/oss-sec/2025/q4/65
2025-10-21 12:35:52+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3m3pdsf3t522b...
Malicious code in analytics-data-collection-fe (npm)
Source: ghsa-malware 9c5655e480e57af4b115f0660b3e96f7412f5d95816cd49858611d28761ea501
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-62228
creationtimestamp | type | source
---|---|---
2025-10-09 13:48:50+00:00 | seen | https://seclists.org/oss-sec/2025/q4/20...
Allstar trust management issue vulnerability
Allstar is an Open Source Security Foundation open source security policy software. A trust management issue vulnerability exists in Allstar versions prior to 4.5, which stems from the Reviewbot component using a hard-coded shared key to validate an inbound webhook request, which could lead to a...
EUVD-2009-3421
Malware in sbrugna...
EUVD-2008-0926
Malware in sbrugna...
EUVD-2009-3423
Malware in sbrugna...
EUVD-2008-0927
Malware in sbrugna...
EUVD-2018-4206
Malware in sbrugna...
EUVD-2018-19977
Malware in sbrugna...
EUVD-2023-46370
Malicious code in bioql PyPI...
EUVD-2022-27693
Malicious code in bioql PyPI...
EUVD-2023-0414
Malicious code in bioql PyPI...
EUVD-2024-2344
Malicious code in bioql PyPI...
CVE-2025-61622
creationtimestamp | type | source
---|---|---
2025-09-29 12:21:59+00:00 | seen | https://seclists.org/oss-sec/2025/q3/229
2025-09-29 14:56:49+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3lzybg6twzd2o
2025-10-01 11:24:40+00:00 | seen | ...
Our plan for a more secure npm supply chain
Open source software is the bedrock of the modern software industry. Its collaborative nature and vast ecosystem empower developers worldwide, driving efficiency and progress at an unprecedented scale. This scale also presents unique vulnerabilities that are continually tested and under attack by...