CVE-2026-45375 SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HT...
Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15159)
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows; it is scalable and supports dynamic monitoring, among other features. Apache Airflow suffers from an information disclosure vulnerability th...
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
In Apache Airflow versions 3.0.0 through 3.1.7, the FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to the "" wildcard that selects all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
MAL-2025-170222 Malicious code in uyaudtu-tyt-dat (npm)
Source: amazon-inspector 7c5209296fbe9495b5d0c1b816ee8e9818246bd95b71266783bceeae762f5bcb. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-138482 Malicious code in zaki-nasi58-sluey (npm)
Source: amazon-inspector e41c4380992d2b664d5ec5bd9935370320b9df5519a6a4fd073a208fab105cac. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nina-rojak97-miaww (npm)
Source: amazon-inspector 672454cf34bd11b944d0c2678ec14849e4e22b99f087dc609ad273a6a8c27f3e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mulyono-bubursumsum85-sluey (npm)
Source: amazon-inspector 89c16c2af635c11b20fe31e673cfebc39eebdeb943fd0334599ea6932ec1c28c. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Linux Distros Unpatched Vulnerability : CVE-2023-5831
The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all...
CVE-2023-5831
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the supersidebarloggedout feature flag enabled. Affected versions with this...
UBUNTU-CVE-2023-5831
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the supersidebarloggedout feature flag enabled. Affected versions with this...
PT-2023-32363 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.0 through 16.3.5; GitLab CE/EE versions 16.4 through 16.4.1; GitLab CE/EE version 16.5.0. Description: An issue has been discovered in GitLab CE/EE which may unintentionally disclose GitLab version metadata to...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab, which stems from the fact that...