OSV - Open Source Vulnerabilities

GHSA-jqc5-w2xx-5vq4

Go/github.com/theupdateframework/go-tuf/v2

go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

37 minutes ago

Fix available
Severity - 4.7 (Medium)

GHSA-2q4j-m29v-hq73

PyPI/pypdf

pypdf has possible Infinite Loop when processing outlines/bookmarks

49 minutes ago

Fix available
Severity - 5.1 (Medium)

GHSA-8hf7-h89p-3pqj

PyPI/mobsf

MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

50 minutes ago

Fix available
Severity - 8.1 (High)

GHSA-cr3w-cw5w-h3fj

npm/@saltcorn/server

Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE

52 minutes ago

Fix available
Severity - 9.6 (Critical)

GHSA-gcgx-chcp-hxp9

PyPI/gakido

Gakido vulnerable to HTTP Header Injection (CRLF Injection)

57 minutes ago

Fix available
Severity - 5.3 (Medium)

GHSA-wp53-j4wj-2cfg

PyPI/python-multipart

Python-Multipart has Arbitrary File Write via Non-Default Configuration

59 minutes ago

Fix available
Severity - 8.6 (High)

GHSA-mxxc-p822-2hx9

Go/github.com/zalando/skipper

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

1 hour ago

Fix available
Severity - 8.1 (High)

GHSA-hm8f-75xx-w2vr

PyPI/sigstore

sigstore CSRF possibility in OIDC authentication during signing

2 hours ago

Fix available

GHSA-rqfh-9r24-8c9r

Maven/org.assertj:assertj-core

AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

2 hours ago

Fix available
Severity - 8.2 (High)

GHSA-v253-rj99-jwpq

npm/pnpm

pnpm has Path Traversal via arbitrary file permission modification

2 hours ago

Fix available
Severity - 6.7 (Medium)

GHSA-6r62-w2q3-48hf

PyPI/bentoml

BentoML has a Path Traversal via Bentofile Configuration

3 hours ago

Fix available
Severity - 7.4 (High)

GHSA-6pfh-p556-v868

npm/pnpm

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

3 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-6x96-7vc8-cm3p

npm/pnpm

pnpm has Windows-specific tarball Path Traversal

3 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-xpqm-wm3m-f34h

npm/pnpm

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

3 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-m733-5w8f-5ggw

npm/pnpm

pnpm has symlink traversal in file:/git dependencies

3 hours ago

Fix available
Severity - 6.7 (Medium)

MGASA-2026-0018

Mageia:9/kernel-linus

Updated kernel-linus packages fix security vulnerabilities

4 hours ago

Fix available