-
It seems that the current implementation throws an attribute error when using the `modified-files` option in the input parameters.
As described in the argument parser, this option can be used to manu…
-
Following from some [discussion](https://github.com/pypa/warehouse/issues/4703#issuecomment-985270450) in https://github.com/pypa/warehouse/issues/4703, do we think that packages removed from PyPI due…
-
While packaging rosenpass I noticed that cargo audit complains about a few dependencies:
```
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 629 secu…
```
darix updated
2 months ago
-
A dependency used in this project @apidevtools/json-schema-ref-parser is vulnerable to a prototype pollution attack, as listed in https://nvd.nist.gov/vuln/detail/CVE-2024-29651 - https://github.com/a…
-
Hello,
for a university project a fellow student and I had a look in December 2022 at the then 141 GitHub-reviewed withdrawn advisories in the GitHub Advisory Database, which uses the OSV schema…
-
Installing this module:
```
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated npm i nyc
npm WARN deprecated Visit https://is…
```
-
See https://github.com/anchore/nvd-data-overrides
-
```
# npm audit report
async 2.0.0 - 2.6.3
Severity: critical
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
Depends on vulnerable versions of lodash
fix available …
```
-
As discussed on today's call - what are some key measurable security indicators we would like developers to see when they are selecting packages (e.g. NPM packages) to possibly bring into their web ap…
-
@xuan2261 @WaltDisneyWorld
Hello all, unfortunately today I bear bad news. A bypass has been found in auth.gg that allows any user to log in to **ALL** apps using auth.gg, even with obfuscation, wit…