diff --git a/pkg/analyzer/data/blacklist.json b/pkg/analyzer/data/blacklist.json index 6ac40be..6592c48 100644 --- a/pkg/analyzer/data/blacklist.json +++ b/pkg/analyzer/data/blacklist.json @@ -1,19 +1,102 @@ [ + { + "id": "CVE-2026-33017", + "component": "langflow", + "ecosystem": "PyPI", + "affected_versions": [ + "< 1.9.0" + ], + "action": "BLOCK", + "severity": "CRITICAL", + "reason": "Unauthenticated RCE (CVSS 9.8): POST /api/v1/build_public_tmp/{flow_id}/flow accepts attacker-controlled flow data and passes arbitrary Python code directly to exec() with no sandboxing. Fixed in 1.9.0.", + "link": "https://github.com/advisories/GHSA-rvqx-wpfh-mfx7" + }, { "id": "SNYK-PYTHON-LITELLM-15762713", "component": "litellm", "ecosystem": "PyPI", - "affected_versions": ["1.82.7", "1.82.8"], + "affected_versions": [ + "1.82.7", + "1.82.8" + ], "action": "BLOCK", "severity": "CRITICAL", "reason": "TeamPCP supply chain attack: malicious .pth file steals SSH keys, AWS/K8s credentials and .env files on every Python startup, then establishes systemd persistence and attempts Kubernetes lateral movement.", "link": "https://security.snyk.io/vuln/SNYK-PYTHON-LITELLM-15762713" }, + { + "id": "CVE-2025-62373", + "component": "pipecat-ai", + "ecosystem": "PyPI", + "affected_versions": [ + "0.0.41", + "0.0.42", + "0.0.43", + "0.0.44", + "0.0.45", + "0.0.46", + "0.0.47", + "0.0.48", + "0.0.49", + "0.0.50", + "0.0.51", + "0.0.52", + "0.0.53", + "0.0.54", + "0.0.55", + "0.0.56", + "0.0.57", + "0.0.58", + "0.0.59", + "0.0.60", + "0.0.61", + "0.0.62", + "0.0.63", + "0.0.64", + "0.0.65", + "0.0.66", + "0.0.67", + "0.0.68", + "0.0.69", + "0.0.70", + "0.0.71", + "0.0.72", + "0.0.73", + "0.0.74", + "0.0.75", + "0.0.76", + "0.0.77", + "0.0.78", + "0.0.79", + "0.0.80", + "0.0.81", + "0.0.82", + "0.0.83", + "0.0.84", + "0.0.85", + "0.0.86", + "0.0.87", + "0.0.88", + "0.0.89", + "0.0.90", + "0.0.91", + "0.0.92", + "0.0.93" + ], + "action": "BLOCK", + "severity": "CRITICAL", + "reason": "Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer", + "link": "https://osv.dev/vulnerability/GHSA-c2jg-5cp7-6wc7" + }, { "id": "GHSA-69fq-xp46-6x23", "component": "trivy", "ecosystem": "binary", - "affected_versions": ["v0.69.4", "v0.69.5", "v0.69.6"], + "affected_versions": [ + "v0.69.4", + "v0.69.5", + "v0.69.6" + ], "action": "BLOCK", "severity": "CRITICAL", "reason": "TeamPCP compromised CI/CD pipeline and pushed malicious binaries that exfiltrate runner memory and environment secrets.", @@ -21,52 +104,51 @@ }, { "id": "GHSA-69fq-xp46-6x23", - "component": "trivy-action", + "component": "setup-trivy", "ecosystem": "github-actions", - "affected_versions": ["< v0.35.0"], + "affected_versions": [ + "< v0.2.6" + ], "action": "WARN", "severity": "HIGH", - "reason": "Vulnerable tags were force-pushed to point to malicious commits during the March 2026 TeamPCP exposure window. Upgrade to v0.35.0+ and pin by SHA.", - "link": "https://github.com/aquasecurity/trivy-action/security/advisories" + "reason": "Versions prior to v0.2.6 were at elevated risk during the March 2026 TeamPCP exposure window (~4 hours). Upgrade to v0.2.6+ (SHA: 3fb12ec) or pin by digest.", + "link": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23" }, { "id": "GHSA-69fq-xp46-6x23", - "component": "setup-trivy", + "component": "trivy-action", "ecosystem": "github-actions", - "affected_versions": ["< v0.2.6"], + "affected_versions": [ + "< v0.35.0" + ], "action": "WARN", "severity": "HIGH", - "reason": "Versions prior to v0.2.6 were at elevated risk during the March 2026 TeamPCP exposure window (~4 hours). Upgrade to v0.2.6+ (SHA: 3fb12ec) or pin by digest.", - "link": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23" + "reason": "Vulnerable tags were force-pushed to point to malicious commits during the March 2026 TeamPCP exposure window. Upgrade to v0.35.0+ and pin by SHA.", + "link": "https://github.com/aquasecurity/trivy-action/security/advisories" }, { - "id": "CVE-2026-33017", - "component": "langflow", - "ecosystem": "PyPI", - "affected_versions": ["< 1.9.0"], + "id": "BITWARDEN-CLI-COMPROMISE-2026-04-22", + "component": "@bitwarden/cli", + "ecosystem": "npm", + "affected_versions": [ + "2026.4.0" + ], "action": "BLOCK", "severity": "CRITICAL", - "reason": "Unauthenticated RCE (CVSS 9.8): POST /api/v1/build_public_tmp/{flow_id}/flow accepts attacker-controlled flow data and passes arbitrary Python code directly to exec() with no sandboxing. Fixed in 1.9.0.", - "link": "https://github.com/advisories/GHSA-rvqx-wpfh-mfx7" + "reason": "Confirmed npm supply-chain compromise: attackers hijacked Bitwarden's GitHub Actions, stole release secrets, and pushed a tampered @bitwarden/cli@2026.4.0 build to npm containing malicious code. Remove immediately and rotate any credentials that passed through the CLI.", + "link": "https://thehackernews.com/2026/04/bitwarden-cli-supply-chain-attack.html" }, { "id": "AXIOS-NPM-COMPROMISE-2026-03-31", "component": "axios", "ecosystem": "npm", - "affected_versions": ["1.14.1", "0.30.4"], + "affected_versions": [ + "1.14.1", + "0.30.4" + ], "action": "BLOCK", "severity": "CRITICAL", "reason": "Confirmed npm supply-chain compromise: attacker reportedly hijacked the maintainer npm account and published malicious axios builds that introduced the plain-crypto-js dependency outside the normal GitHub Actions release flow.", "link": "https://github.com/axios/axios" - }, - { - "id": "BITWARDEN-CLI-COMPROMISE-2026-04-22", - "component": "@bitwarden/cli", - "ecosystem": "npm", - "affected_versions": ["2026.4.0"], - "action": "BLOCK", - "severity": "CRITICAL", - "reason": "Confirmed npm supply-chain compromise: attackers hijacked Bitwarden's GitHub Actions, stole release secrets, and pushed a tampered @bitwarden/cli@2026.4.0 build to npm containing malicious code. Remove immediately and rotate any credentials that passed through the CLI.", - "link": "https://thehackernews.com/2026/04/bitwarden-cli-supply-chain-attack.html" } ]