Messages by Date
-
2026/04/17
[oss-security] CVE-2026-33558: Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Luke Chen
-
2026/04/17
[oss-security] CVE-2026-33557: Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication
Luke Chen
-
2026/04/16
Re: [oss-security] Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory
yangjincheng1998
-
2026/04/16
[oss-security] Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
cyber security
-
2026/04/16
Re: [oss-security] Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory
Solar Designer
-
2026/04/16
Re: [oss-security] Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory
yangjincheng1998
-
2026/04/16
Re: [oss-security] UAF in rsync 3.4.1 and below
Salvatore Bonaccorso
-
2026/04/16
Re: [oss-security] Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory
Alan Coopersmith
-
2026/04/16
[oss-security] CVE-2026-31987: Apache Airflow: JWT token appearing in logs
Rahul Vats
-
2026/04/16
[oss-security] Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory
yangjincheng1998
-
2026/04/16
[oss-security] CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1
yangjincheng1998
-
2026/04/16
Re: [oss-security] UAF in rsync 3.4.1 and below
Alan Coopersmith
-
2026/04/16
[oss-security] cosmic-greeter: Unsafe File System Operations in User Home Directories (CVE-2026-25704)
Matthias Gerstner
-
2026/04/15
[oss-security] UAF in rsync 3.4.1 and below
Przemyslaw Frasunek
-
2026/04/15
Re: [oss-security] 7 vulnerabilities disclosed & patched in jq
Collin Funk
-
2026/04/15
Re: [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland
Alan Coopersmith
-
2026/04/15
[oss-security] 7 vulnerabilities disclosed & patched in jq
Alan Coopersmith
-
2026/04/15
[oss-security] [vim-security] Command injection via backtick expansion in tag filenames in Vim < v9.2.0357
Christian Brabandt
-
2026/04/15
[oss-security][CVE-2026-5713] CPython: Out-of-bounds read/write during remote debugging when connecting to malicious target
Alan Coopersmith
-
2026/04/15
[oss-security] Re: CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts
Jacques Deguest
-
2026/04/15
[oss-security] CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts
Robert Rothenberg
-
2026/04/15
[oss-security] CVE-2026-25219: Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access
Jarek Potiuk
-
2026/04/14
[oss-security] CVE-2026-30778: Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.
Kai Wan
-
2026/04/14
[oss-security] CVE-2025-54550: Apache Airflow: RCE by race condition in example_xcom dag
Jarek Potiuk
-
2026/04/14
[oss-security] [OSSA-2026-007] OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean (CVE PENDING)
Goutham Pacha Ravi
-
2026/04/14
[oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland
Olivier Fourdan
-
2026/04/14
[oss-security] [disclosure] Multiple unpatched CVEs in libav (unmaintained FFmpeg fork, last update 2019)
yangjincheng1998
-
2026/04/13
[oss-security] wolfSSL 5.9.1 CVE and non-CVE fixes
Solar Designer
-
2026/04/13
[oss-security] wolfSSL ML-DSA: same-process heap reuse exposes private signing material, enabling signature forgery
Abhinav Agarwal
-
2026/04/13
[oss-security] CVE-2026-33929: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code
Tilman Hausherr
-
2026/04/13
[oss-security] CVE-2026-31908: Apache APISIX: forward auth plugin allows header injection
Abhishek Choudhary
-
2026/04/13
[oss-security] CVE-2026-31924: Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP
Abhishek Choudhary
-
2026/04/13
[oss-security] CVE-2026-31923: Apache APISIX: Openid-connect `tls_verify` field is disabled by default
Abhishek Choudhary
-
2026/04/13
[oss-security] CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 for Perl is susceptible to timing attacks
Robert Rothenberg
-
2026/04/13
[oss-security][CVE-2026-4786] CPython: Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Alan Coopersmith
-
2026/04/13
[oss-security][CVE-2026-6100] CPython: Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Alan Coopersmith
-
2026/04/13
Re: [oss-security] Security Audit of Hex, the Erlang package manager
Alan Coopersmith
-
2026/04/13
[oss-security] CVE-2026-39816: Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
David Handermann
-
2026/04/13
[oss-security] CVE-2026-33858: Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API
Rahul Vats
-
2026/04/13
[oss-security] CVE-2025-66236: Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI
Rahul Vats
-
2026/04/13
[oss-security] CVE-2026-34884: Apache SkyWalking MCP: SSRF via set_skywalking_url Tool and GraphQL Expression Injection in MCP Server
Qiuxia Fan
-
2026/04/13
[oss-security] CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
Qiuxia Fan
-
2026/04/13
[oss-security] CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability
Zhenxu Ke
-
2026/04/13
[oss-security] CVE-2026-5085: Solstice::Session versions through 1440 for Perl generates session ids insecurely
Robert Rothenberg
-
2026/04/12
Re: [oss-security] Security Audit of Hex, the Erlang package manager
Alexander Patrakov
-
2026/04/12
[oss-security] CVE-2026-35565: Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI
Richard Zowalla
-
2026/04/12
[oss-security] CVE-2026-35337: Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling
Richard Zowalla
-
2026/04/12
Re: [oss-security] GNU tar: listing/extraction desynchronization allows hidden file injection
Paul Eggert
-
2026/04/12
[oss-security] Security Audit of Hex, the Erlang package manager
Alan Coopersmith
-
2026/04/11
Re: [oss-security] GNU tar: listing/extraction desynchronization allows hidden file injection
Collin Funk
-
2026/04/11
Re: [oss-security] GNU tar: listing/extraction desynchronization allows hidden file injection
Solar Designer
-
2026/04/11
Re: [oss-security] GNU tar: listing/extraction desynchronization allows hidden file injection
Alan Coopersmith
-
2026/04/11
Re: [oss-security] GNU tar: listing/extraction desynchronization allows hidden file injection
Collin Funk
-
2026/04/11
[oss-security] GNU tar: listing/extraction desynchronization allows hidden file injection
Alan Coopersmith
-
2026/04/11
[oss-security] Avahi: Reachable assertion in transport_flags_from_domain (CVE-2026-34933)
Alan Coopersmith
-
2026/04/11
[oss-security] LibRaw 0.22.1 Release with security fixes
Alan Coopersmith
-
2026/04/11
Re: [oss-security] CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14
Valtteri Vuorikoski
-
2026/04/11
[oss-security] CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14
Valtteri Vuorikoski
-
2026/04/10
[oss-security] CPython [CVE-2026-3446] Base64 decoding stops at first padded quad by default
Alan Coopersmith
-
2026/04/10
[oss-security] CPython [CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF
Alan Coopersmith
-
2026/04/10
[oss-security] [kubernetes] CVE-2026-3865: CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB server
Vinayak Goyal
-
2026/04/10
[oss-security] CVE-2026-40199: Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass
Stig Palmquist
-
2026/04/10
[oss-security] CVE-2026-40198: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass
Stig Palmquist
-
2026/04/10
[oss-security] xdg-dbus-proxy CVE-2026-34080: Eavesdrop filter bypass allows message interception
Simon McVittie
-
2026/04/10
[oss-security] xdg-desktop-portal GHSA-rqr9-jwwf-wxgj: Trashing of arbitrary host files
Simon McVittie
-
2026/04/10
[oss-security] CVE-2026-40200: musl libc: stack corruption in qsort with sufficiently large inputs
Rich Felker
-
2026/04/10
[oss-security] CVE-2026-34480: Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Piotr Karwasz
-
2026/04/10
[oss-security] CVE-2026-40023: Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters
Piotr Karwasz
-
2026/04/10
[oss-security] CVE-2026-40021: Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters
Piotr Karwasz
-
2026/04/10
[oss-security] CVE-2026-34481: Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Piotr Karwasz
-
2026/04/10
[oss-security] CVE-2026-34479: Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
Piotr Karwasz
-
2026/04/10
[oss-security] CVE-2026-34478: Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility
Piotr Karwasz
-
2026/04/10
[oss-security] CVE-2026-34477: Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass
Piotr Karwasz
-
2026/04/10
Re: [oss-security] systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals
Vincent Lefevre
-
2026/04/10
[oss-security] CVE-2026-4631 [cockpit] Unauthenticated remote code execution due to SSH command-line argument injection
Jelle van der Waa
-
2026/04/09
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Solar Designer
-
2026/04/09
Re: [oss-security] X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM
Solar Designer
-
2026/04/09
Re: [oss-security] systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals
Aaron Rainbolt
-
2026/04/09
[oss-security] [OSSA-2026-006] OpenStack Skyline: DOM-based XSS in Skyline Console via unsanitized instance console log rendering (CVE-2026-pending)
Goutham Pacha Ravi
-
2026/04/09
[oss-security] CVE-2026-34500: Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled
Mark Thomas
-
2026/04/09
[oss-security] CVE-2026-34487: Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token
Mark Thomas
-
2026/04/09
[oss-security] CVE-2026-34486: Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
Mark Thomas
-
2026/04/09
[oss-security] CVE-2026-34483: Apache Tomcat: Incomplete escaping of JSON access logs
Mark Thomas
-
2026/04/09
[oss-security] CVE-2026-32990: Apache Tomcat: Fix for CVE-2025-66614 is incomplete
Mark Thomas
-
2026/04/09
[oss-security] CVE-2026-29129: Apache Tomcat: TLS cipher order is not preserved
Mark Thomas
-
2026/04/09
[oss-security] CVE-2026-29146: Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default
Mark Thomas
-
2026/04/09
[oss-security] CVE-2026-29145: Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled
Mark Thomas
-
2026/04/09
[oss-security] CVE-2026-25854: Apache Tomcat: Occasionally open redirect
Mark Thomas
-
2026/04/09
[oss-security] CVE-2026-24880: Apache Tomcat: Request smuggling via invalid chunk extension
Mark Thomas
-
2026/04/09
[oss-security] Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder
Jens Jarl Nestén Hansen-Nord
-
2026/04/09
[oss-security] CVE-2026-40046: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated
Christopher L. Shannon
-
2026/04/09
[oss-security] CVE-2026-39304: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM
Christopher L. Shannon
-
2026/04/09
[oss-security] CVE-2025-57735: Apache Airflow: Airflow Logout Not Invalidating JWT
Rahul Vats
-
2026/04/09
Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue
Tianyu Chen
-
2026/04/09
Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue
Andrew G. Morgan
-
2026/04/09
Re: [oss-security] systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals
Salvatore Bonaccorso
-
2026/04/09
[oss-security] CVE-2026-34020: Apache OpenMeetings: Login Credentials Passed via GET Query Parameters
Maxim Solodovnik
-
2026/04/09
[oss-security] CVE-2026-33266: Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt
Maxim Solodovnik
-
2026/04/09
[oss-security] CVE-2026-33005: Apache OpenMeetings: Insufficient checks in FileWebService
Maxim Solodovnik
-
2026/04/09
[oss-security] CVE-2026-34538: Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)
Rahul Vats
-
2026/04/09
Re: [oss-security] 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context
Simon McVittie
-
2026/04/08
Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue
Solar Designer
-
2026/04/08
Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue
Andrew G. Morgan
-
2026/04/08
[oss-security] Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals
Aaron Rainbolt
-
2026/04/08
Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue
Solar Designer
-
2026/04/08
[oss-security] lftp 4.9.3 does not filter non-printable characters in the output to the terminal
Vincent Lefevre
-
2026/04/08
Re: [oss-security] Re: Heads-up: Upcoming Samba security releases (2026-04-09)
Douglas Bagnall
-
2026/04/08
[oss-security] 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context
Solar Designer
-
2026/04/08
[oss-security] libpng 1.6.57: Use-after-free vulnerability fixed: CVE-2026-34757
Cosmin Truta
-
2026/04/08
[oss-security] X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM
Markus Vervier
-
2026/04/08
[oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Alan Coopersmith
-
2026/04/08
[oss-security] Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue
Andrew G. Morgan
-
2026/04/08
[oss-security] Re: [EXTERN] Re: [oss-security] Multiple CVEs disclosed in CUPS
Schwedas, Sven
-
2026/04/08
[oss-security] PyCA cryptography 46.0.7 released, fixes CVE-2026-39892
Alan Coopersmith
-
2026/04/08
Re: [oss-security] Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack
Stuart D Gathman
-
2026/04/08
[oss-security] CVE-2026-5082: Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id
Robert Rothenberg
-
2026/04/08
[oss-security] CVE-2026-5083: Ado::Sessions versions through 0.935 for Perl generates insecure session ids
Robert Rothenberg
-
2026/04/07
Re: [oss-security] Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1]
Solar Designer
-
2026/04/07
[oss-security] Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack
Solar Designer
-
2026/04/07
Re: [oss-security] Multiple CVEs disclosed in CUPS
Peter Gutmann
-
2026/04/07
[oss-security] Multiple CVEs disclosed in CUPS
Alan Coopersmith
-
2026/04/07
[oss-security] systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals
Aaron Rainbolt
-
2026/04/07
Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue
Christian Göttsche
-
2026/04/07
[oss-security] CVE-2026-35554: Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition
Manikumar
-
2026/04/07
[oss-security] [vim-security] Netbeans command injection in Vim < v9.2.0316
Christian Brabandt
-
2026/04/07
[oss-security] CVE-2026-27315: Apache Cassandra: cqlsh history sensitive information leak
Michael Semb Wever
-
2026/04/07
[oss-security] Django CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, and CVE-2026-33034
Jacob Walls
-
2026/04/07
[oss-security] [OSSA-2026-005] Keystone: Restricted application credentials can create EC2 credentials (CVE-2026-33551)
Jeremy Stanley
-
2026/04/07
[oss-security] OpenSSL Security Advisory
Tomas Mraz
-
2026/04/07
[oss-security] CASSANDRA-21202: CVE-2026-32588: Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing
Michael Semb Wever
-
2026/04/07
[oss-security] CVE-2026-27314: Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass
Michael Semb Wever
-
2026/04/07
[oss-security] Re: Heads-up: Upcoming Samba security releases (2026-04-09)
Douglas Bagnall
-
2026/04/07
[oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue
Andrew G. Morgan
-
2026/04/07
Re: [oss-security] Announce: OpenSSH 10.3 released
Demi Marie Obenour
-
2026/04/07
Re: [oss-security] Announce: OpenSSH 10.3 released
Damien Miller
-
2026/04/07
Re: [oss-security] Announce: OpenSSH 10.3 released
Demi Marie Obenour
-
2026/04/06
[oss-security] CVE-2026-33227: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Directory
Christopher L. Shannon
-
2026/04/06
[oss-security] CVE-2026-34197: Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
Christopher L. Shannon
-
2026/04/06
Re: [oss-security] Announce: OpenSSH 10.3 released
Damien Miller
-
2026/04/05
[oss-security] Heads-up: Upcoming Samba security releases (2026-04-09)
Douglas Bagnall
-
2026/04/03
Re: [oss-security] Announce: OpenSSH 10.3 released
Demi Marie Obenour
-
2026/04/03
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Salvatore Bonaccorso
-
2026/04/03
Re: [oss-security] Re: Multiple vulnerabilities in AppArmor
Salvatore Bonaccorso
-
2026/04/03
Re: [oss-security] Announce: OpenSSH 10.3 released
Salvatore Bonaccorso
-
2026/04/03
Re: [oss-security] Announce: OpenSSH 10.3 released
Agostino Sarubbo
-
2026/04/02
Re: [oss-security] [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder
Rich Felker
-
2026/04/02
Re: [oss-security] [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder
Rich Felker
-
2026/04/02
[oss-security] [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder
Jens Jarl Nestén Hansen-Nord
-
2026/04/02
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Solar Designer
-
2026/04/02
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Christian Brabandt
-
2026/04/02
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
David A. Wheeler
-
2026/04/02
[oss-security] [ANNOUNCE] ATS is vulnerable to HTTP requests with body
Masakazu Kitajo
-
2026/04/02
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Tianyu Chen
-
2026/04/02
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Christian Brabandt
-
2026/04/02
[oss-security] Announce: OpenSSH 10.3 released
Damien Miller
-
2026/04/02
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Christian Brabandt
-
2026/04/01
[oss-security] FW: libinput Security Advisory: multiple security issues in libinput
Peter Hutterer
-
2026/04/01
[oss-security][CVE-2026-5271] Python install manager script aliases search path hijack
Alan Coopersmith
-
2026/04/01
[oss-security] [vim-security] Path traversal issue with zip.vim and special crafted zip archives in Vim < v9.2.0280
Christian Brabandt
-
2026/04/01
[oss-security] Re: Multiple vulnerabilities in AppArmor
Greg KH
-
2026/04/01
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Christian Brabandt
-
2026/04/01
Re: [oss-security] [vim-security] Vim modeline bypass via various options affects Vim < 9.2.0276
Salvatore Bonaccorso
-
2026/03/31
[oss-security] [ADVISORY] CVE-2026-34956: Open vSwitch: Invalid memory access in conntrack FTP alg.
Aaron Conole
-
2026/03/31
[oss-security] Fwd: XZ Utils 5.8.3 and a security fix
Sam James
-
2026/03/31
[oss-security] [vim-security] Vim modeline bypass via various options affects Vim < 9.2.0276
Christian Brabandt
-
2026/03/31
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
David A. Wheeler
-
2026/03/31
[oss-security] Re: Multiple vulnerabilities in AppArmor
Greg KH
-
2026/03/31
[oss-security] Fwd: CVE-2026-5087: PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
Robert Rothenberg
-
2026/03/31
[oss-security] CVE-2024-14030: Sereal::Decoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library
Robert Rothenberg
-
2026/03/31
[oss-security] CVE-2024-14031: Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library
Robert Rothenberg
-
2026/03/31
[oss-security] CVE-2025-15618: Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key
Robert Rothenberg
-
2026/03/31
[oss-security] Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1]
Michael Straßberger
-
2026/03/31
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Tianyu Chen
-
2026/03/31
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Christian Brabandt
-
2026/03/31
[oss-security] PowerDNS Security Advisory 2026-02 for DNSdist: Multiple issues
Remi Gacogne
-
2026/03/31
[oss-security] Re: Multiple vulnerabilities in AppArmor
John Johansen
-
2026/03/30
Re: [oss-security] KVM shadow EPT stale rmap use-after-free
Solar Designer
-
2026/03/30
[oss-security] CVE-2026-32794: Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Jens Scheffler
-
2026/03/30
[oss-security] pyca/cryptography: CVE-2026-34073: X.509: bypass of name constraints on wildcard SANs with matching peer names
Alan Coopersmith
-
2026/03/30
[oss-security] The GNU C Library security advisory update for 2026-03-30
Siddhesh Poyarekar
-
2026/03/30
Re: [oss-security] KVM shadow EPT stale rmap use-after-free
Demi Marie Obenour
-
2026/03/30
[oss-security] KVM shadow EPT stale rmap use-after-free
Sandipan Roy
-
2026/03/30
Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Demi Marie Obenour
-
2026/03/30
[oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
Christian Brabandt
-
2026/03/29
Re: [oss-security] CVE-2026-4176: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Jacob Bachmeyer
-
2026/03/29
[oss-security] CVE-2026-4176: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Stig Palmquist
-
2026/03/29
[oss-security] [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
cyber security
-
2026/03/29
[oss-security] Re: Multiple vulnerabilities in AppArmor
Greg KH
-
2026/03/28
[oss-security] Re: Multiple vulnerabilities in AppArmor
John Johansen
-
2026/03/28
[oss-security] CVE-2025-15604: Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions
Robert Rothenberg
-
2026/03/28
[oss-security] CVE-2026-3256: HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids
Robert Rothenberg
-
2026/03/28
[oss-security] Re: Multiple vulnerabilities in AppArmor
Greg KH
-
2026/03/27
Re: [oss-security] [ADVISORY] SQUID-2026:1 Denial of Service in ICP Request handling (CVE-2026-33526)
Solar Designer
-
2026/03/27
[oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2026-0002
Adrian Perez de Castro
-
2026/03/27
Re: [oss-security] Re: Multiple vulnerabilities in AppArmor
kf503bla
-
2026/03/27
[oss-security] Re: Multiple vulnerabilities in AppArmor
Qualys Security Advisory
-
2026/03/27
[oss-security] CVE-2026-1961: Foreman: Remote Code Execution via command injection in WebSocket proxy
Ondrej Gajdusek
-
2026/03/27
[oss-security] Dovecot Security Advisory OXDC-2026-0001
Aki Tuomi
-
2026/03/27
[oss-security] Re: Multiple vulnerabilities in AppArmor
Greg KH
-
2026/03/26
[oss-security] TigerVNC 1.16.2 security release
Alan Coopersmith