GHSA-JQ35-7PRP-9V3F vulnerabilities

Vulnerabilities for packages: datadog-agent...

GHSA-5XF4-F2FQ-F69J vulnerabilities

Vulnerabilities for packages: yarn...

GHSA-5CCW-23GM-2H2F vulnerabilities

Vulnerabilities for packages: openjdk...

GHSA-HPM9-74QX-6X32 vulnerabilities

Vulnerabilities for packages: openjdk...

CVE-2026-22018 vulnerabilities

Vulnerabilities for packages: openjdk...

GHSA-HMW2-7CC7-3QXX vulnerabilities

Vulnerabilities for packages: langfuse, kubeflow-centraldashboard, jitsucom-jitsu...

CVE-2026-9679

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

firefox: Sandbox escape due to use-after-free in the Disability Access APIs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...

GHSA-R47G-FVHR-H676 vulnerabilities

Vulnerabilities for packages: langfuse-fips, langfuse...

GHSA-R7G4-QG5F-QQM2 vulnerabilities

Vulnerabilities for packages: unleash, langfuse...

GHSA-5RVQ-CXJ2-64VF vulnerabilities

Vulnerabilities for packages: litellm, tritonserver-backend-vllm-cuda-12.9, wazuh-manager-fips, airflow-postgres-fips...

GHSA-G3CQ-J2XW-WF74 vulnerabilities

Vulnerabilities for packages: mlflow...

GHSA-XCGM-R5H9-7989 vulnerabilities

Vulnerabilities for packages: mlflow...

GHSA-4FVR-RGM6-GQMC vulnerabilities

Vulnerabilities for packages: mlflow...

firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

CVE-2026-54280 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, metaflow-service-fips, authentik, mlflow-fips, authentik-fips, request-1276, mlflow, text-generation-inference...

CVE-2026-54278 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, metaflow-service-fips, authentik, mlflow-fips, authentik-fips, request-1276, mlflow, text-generation-inference...

CVE-2026-54276 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, metaflow-service-fips, authentik, mlflow-fips, authentik-fips, request-1276, mlflow, text-generation-inference...