FLAT-06SJ0 (MAL-2026-5115)
Use of software with malware In @redhat-cloud-services/quickstarts-client
5.2
Medium
Ecosystem: Npm
Package: @redhat-cloud-services/quickstarts-client
FLAT-8UMMS (GHSA-3pv8-6f4r-ffg2)
Lack of data validation In tar
2.7
Low
Ecosystem: Cargo
Package: tar
FLAT-5YKW0 (CVE-2026-47179)
Lack of data validation - Path Traversal In github.com/getarcaneapp/arcane/backend
7.6
High
Ecosystem: Go
Package: github.com/getarcaneapp/arcane/backend
FLAT-4J4TG (MAL-2026-4855)
Use of software with malware In @service-suppliers/set_suppliers_loading_start
5.2
Medium
Ecosystem: Npm
Package: @service-suppliers/set_suppliers_loading_start
FLAT-05JWH (CVE-2026-48710)
Lack of data validation In starlette
2.7
Low
Ecosystem: Debian
Package: starlette
FLAT-3RD0P (MAL-2026-4812)
Use of software with malware In m-at-star-tools
5.2
Medium
Ecosystem: PyPI
Package: m-at-star-tools
FLAT-AVPUM (CVE-2026-47125)
Improper authorization control for web services In github.com/getarcaneapp/arcane/backend
7.7
High
Ecosystem: Go
Package: github.com/getarcaneapp/arcane/backend
FLAT-T2K48 (MAL-2026-4166)
Use of software with malware In tarpackage
5.2
Medium
Ecosystem: PyPI
Package: tarpackage
FLAT-NYVZP (MAL-2026-3845)
Use of software with malware In @starmind/collector-cli
5.2
Medium
Ecosystem: Npm
Package: @starmind/collector-cli
FLAT-SYWFV (MAL-2026-4130)
Use of software with malware In boring-avatars-vanilla
5.2
Medium
Ecosystem: Npm
Package: boring-avatars-vanilla
FLAT-TW2CB (CVE-2026-45627)
Reflected cross-site scripting (XSS) In github.com/getarcaneapp/arcane/backend
7.5
High
Ecosystem: Go
Package: github.com/getarcaneapp/arcane/backend
FLAT-IFAXX (CVE-2026-45626)
Remote command execution In github.com/getarcaneapp/arcane/backend
5.8
Medium
Ecosystem: Go
Package: github.com/getarcaneapp/arcane/backend
FLAT-ZFBQU (CVE-2026-45625)
Improper authorization control for web services In github.com/getarcaneapp/arcane/backend
7.7
High
Ecosystem: Go
Package: github.com/getarcaneapp/arcane/backend
FLAT-PUBKI (GHSA-3cv2-h65g-fgmm)
Insecure object reference In astral-tokio-tar
2.7
Low
Ecosystem: Cargo
Package: astral-tokio-tar
FLAT-48YJW (GHSA-9m65-766c-r333)
Insecure deserialization In @tanstack/start-server-core
1.7
Low
Ecosystem: Npm
Package: @tanstack/start-server-core
FLAT-NXGRG (MAL-2026-3499)
Use of software with malware In @tanstack/vue-start-client
5.2
Medium
Ecosystem: Npm
Package: @tanstack/vue-start-client
FLAT-Y5CVU (MAL-2026-3485)
Use of software with malware In @tanstack/solid-start-client
5.2
Medium
Ecosystem: Npm
Package: @tanstack/solid-start-client
FLAT-FB0Q6 (MAL-2026-3486)
Use of software with malware In @tanstack/solid-start-server
5.2
Medium
Ecosystem: Npm
Package: @tanstack/solid-start-server
FLAT-JOEHS (MAL-2026-3484)
Use of software with malware In @tanstack/solid-start
5.2
Medium
Ecosystem: Npm
Package: @tanstack/solid-start
FLAT-MDFBJ (MAL-2026-3487)
Use of software with malware In @tanstack/start-client-core
5.2
Medium
Ecosystem: Npm
Package: @tanstack/start-client-core
FLAT-ZPV36 (MAL-2026-3488)
Use of software with malware In @tanstack/start-fn-stubs
5.2
Medium
Ecosystem: Npm
Package: @tanstack/start-fn-stubs
FLAT-ZFR9M (MAL-2026-3489)
Use of software with malware In @tanstack/start-plugin-core
5.2
Medium
Ecosystem: Npm
Package: @tanstack/start-plugin-core
FLAT-ZH9L3 (MAL-2026-3490)
Use of software with malware In @tanstack/start-server-core
5.2
Medium
Ecosystem: Npm
Package: @tanstack/start-server-core
FLAT-EM1S6 (MAL-2026-3491)
Use of software with malware In @tanstack/start-static-server-functions
5.2
Medium
Ecosystem: Npm
Package: @tanstack/start-static-server-functions
FLAT-66YFT (MAL-2026-3492)
Use of software with malware In @tanstack/start-storage-context
5.2
Medium
Ecosystem: Npm
Package: @tanstack/start-storage-context
FLAT-2PX1I (MAL-2026-3500)
Use of software with malware In @tanstack/vue-start-server
5.2
Medium
Ecosystem: Npm
Package: @tanstack/vue-start-server
FLAT-OBEYW (MAL-2026-3498)
Use of software with malware In @tanstack/vue-start
5.2
Medium
Ecosystem: Npm
Package: @tanstack/vue-start
FLAT-XF7F0 (MAL-2026-3468)
Use of software with malware In @tanstack/react-start
5.2
Medium
Ecosystem: Npm
Package: @tanstack/react-start
FLAT-N6UGM (MAL-2026-3471)
Use of software with malware In @tanstack/react-start-server
5.2
Medium
Ecosystem: Npm
Package: @tanstack/react-start-server
FLAT-KX7F5 (MAL-2026-3470)
Use of software with malware In @tanstack/react-start-rsc
5.2
Medium
Ecosystem: Npm
Package: @tanstack/react-start-rsc
FLAT-B70UU (MAL-2026-3469)
Use of software with malware In @tanstack/react-start-client
5.2
Medium
Ecosystem: Npm
Package: @tanstack/react-start-client
FLAT-AKT14 (MAL-2026-3462)
Use of software with malware In @tanstack/eslint-plugin-start
5.2
Medium
Ecosystem: Npm
Package: @tanstack/eslint-plugin-start
FLAT-7XNNG (MAL-2026-3320)
Use of software with malware In @google-pay-trust/start
5.2
Medium
Ecosystem: Npm
Package: @google-pay-trust/start
FLAT-8IDTK (MAL-2026-3302)
Use of software with malware In ally-starter-api
5.2
Medium
Ecosystem: Npm
Package: ally-starter-api
FLAT-EKSBU (CVE-2026-40561)
HTTP request smuggling In starlet
1.7
Low
Ecosystem: Debian
Package: starlet
FLAT-E4C8H (CVE-2026-42461)
Improper authorization control for web services In github.com/getarcaneapp/arcane/backend
6.6
Medium
Ecosystem: Go
Package: github.com/getarcaneapp/arcane/backend
FLAT-CCFH8 (CVE-2026-40560)
HTTP request smuggling In starman
1.7
Low
Ecosystem: Debian
Package: starman
FLAT-TAVD3 (MAL-2026-3139)
Use of software with malware In robase-start
5.2
Medium
Ecosystem: PyPI
Package: robase-start
FLAT-EUYY8 (GHSA-xx64-wwv2-hcqq)
Lack of data validation - Path Traversal In astral-tokio-tar
2.7
Low
Ecosystem: Cargo
Package: astral-tokio-tar
FLAT-V9AM2 (GHSA-fp55-jw48-c537)
Insecure object reference In astral-tokio-tar
6.6
Medium
Ecosystem: Cargo
Package: astral-tokio-tar
FLAT-DKSKM (MAL-2026-3054)
Use of software with malware In @apple-pay-trust/start
5.2
Medium
Ecosystem: Npm
Package: @apple-pay-trust/start
FLAT-ANCLZ (MAL-2026-3083)
Use of software with malware In elementary-data
5.2
Medium
Ecosystem: PyPI
Package: elementary-data
FLAT-OCQTP (MAL-2026-2846)
Use of software with malware In eslint-plugin-totara
5.2
Medium
Ecosystem: Npm
Package: eslint-plugin-totara
FLAT-WCB82 (MAL-2026-2793)
Use of software with malware In pil2-stark-js
5.2
Medium
Ecosystem: Npm
Package: pil2-stark-js
FLAT-8CG2U (MAL-2026-2769)
Use of software with malware In hardhat-starter-kit
5.2
Medium
Ecosystem: Npm
Package: hardhat-starter-kit
FLAT-69NBZ (MAL-2026-2739)
Use of software with malware In ccip-starter-kit-hardhat
5.2
Medium
Ecosystem: Npm
Package: ccip-starter-kit-hardhat
FLAT-P5K08 (MAL-2026-2727)
Use of software with malware In agent-starter
5.2
Medium
Ecosystem: Npm
Package: agent-starter
FLAT-L4KET (MAL-2026-2613)
Use of software with malware In upstart-offer-container
5.2
Medium
Ecosystem: Npm
Package: upstart-offer-container
FLAT-66MNQ (MAL-2026-2619)
Use of software with malware In upstartloans
5.2
Medium
Ecosystem: Npm
Package: upstartloans
FLAT-B0F2K (MAL-2026-2618)
Use of software with malware In upstartdr
5.2
Medium
Ecosystem: Npm
Package: upstartdr
FLAT-ZCEJ7 (MAL-2026-2616)
Use of software with malware In upstartapplicationstatus
5.2
Medium
Ecosystem: Npm
Package: upstartapplicationstatus
FLAT-N409C (MAL-2026-2620)
Use of software with malware In upstartportal
5.2
Medium
Ecosystem: Npm
Package: upstartportal
FLAT-SMD4L (MAL-2026-2615)
Use of software with malware In upstartadmindashboard-
5.2
Medium
Ecosystem: Npm
Package: upstartadmindashboard-
FLAT-029V4 (MAL-2026-2612)
Use of software with malware In upstart-loan-status
5.2
Medium
Ecosystem: Npm
Package: upstart-loan-status
FLAT-A9RYY (MAL-2026-2614)
Use of software with malware In upstart.previewcss
5.2
Medium
Ecosystem: Npm
Package: upstart.previewcss
FLAT-LXZB1 (MAL-2026-2617)
Use of software with malware In upstartautoretailadmin
5.2
Medium
Ecosystem: Npm
Package: upstartautoretailadmin
FLAT-L5Z52 (MAL-2026-2611)
Use of software with malware In upstart-lending-status
5.2
Medium
Ecosystem: Npm
Package: upstart-lending-status
FLAT-Z4VYF (CVE-2026-40242)
Server-side request forgery (SSRF) In github.com/getarcaneapp/arcane/backend
4.5
Medium
Ecosystem: Go
Package: github.com/getarcaneapp/arcane/backend
FLAT-V8D06 (CVE-2026-5739)
OS Command Injection In tech.powerjob:powerjob-server-starter
2.7
Low
Ecosystem: Maven
Package: tech.powerjob:powerjob-server-starter
FLAT-EMQ5Y (CVE-2026-5736)
SQL injection - Code In tech.powerjob:powerjob-server-starter
2.7
Low
Ecosystem: Maven
Package: tech.powerjob:powerjob-server-starter
FLAT-C0S3O (CVE-2018-20482)
Improper resource allocation In tar
1.9
Low
Ecosystem: Alpm
Package: tar
FLAT-NFT6U (CVE-2021-20193)
Lack of data validation - Path Traversal In tar
1.0
Low
Ecosystem: Alpm
Package: tar
FLAT-4RZMP (CVE-2016-6321)
Lack of data validation - Path Traversal In tar
6.6
Medium
Ecosystem: Alpm
Package: tar
FLAT-TJP7O (CVE-2026-5704)
Lack of data validation - Path Traversal In tar
5.5
Medium
Ecosystem: Debian
Package: tar
FLAT-AMTQ1 (MAL-2026-2152)
Use of software with malware In target-iceberg
5.2
Medium
Ecosystem: PyPI
Package: target-iceberg
FLAT-ITSEC (CVE-2026-33056)
Lack of data validation - Path Traversal In tar
1.2
Low
Ecosystem: Cargo
Package: tar
FLAT-VXIZO (CVE-2026-33055)
Lack of data validation In tar
1.2
Low
Ecosystem: Cargo
Package: tar
FLAT-A22SS (MAL-2026-1969)
Use of software with malware In spstargm
5.2
Medium
Ecosystem: Npm
Package: spstargm
FLAT-KOF0P (CVE-2026-22731)
Security controls bypass or absence In org.springframework.boot:spring-boot-starter-actuator
4.8
Medium
Ecosystem: Maven
Package: org.springframework.boot:spring-boot-starter-actuator
FLAT-DDZ89 (CVE-2026-22733)
Security controls bypass or absence In org.springframework.boot:spring-boot-starter-actuator
6.5
Medium
Ecosystem: Maven
Package: org.springframework.boot:spring-boot-starter-actuator
FLAT-YPUID (CVE-2026-32766)
HTTP request smuggling In rust-astral-tokio-tar
1.7
Low
Ecosystem: Debian
Package: rust-astral-tokio-tar
FLAT-4943X (MAL-2026-1598)
Use of software with malware In @emerald-react/avatar
5.2
Medium
Ecosystem: Npm
Package: @emerald-react/avatar
FLAT-5BI85 (MAL-2026-1572)
Use of software with malware In transform-new-target
5.2
Medium
Ecosystem: Npm
Package: transform-new-target
FLAT-D48MQ (CVE-2026-4269)
Insecure generation of random numbers In bedrock-agentcore-starter-toolkit
1.5
Low
Ecosystem: PyPI
Package: bedrock-agentcore-starter-toolkit
FLAT-9YWAC (CVE-2026-31802)
Lack of data validation - Path Traversal In tar
5.6
Medium
Ecosystem: Npm
Package: tar
FLAT-14LRZ (CVE-2026-29786)
Lack of data validation - Path Traversal In node-tar
5.6
Medium
Ecosystem: Debian
Package: node-tar
FLAT-K6SQL (MAL-2026-1252)
Use of software with malware In pear-apps-utils-avatar-initials
5.2
Medium
Ecosystem: Npm
Package: pear-apps-utils-avatar-initials
FLAT-9T41E (CVE-2026-26960)
Lack of data validation - Path Traversal In node-tar
9.0
Critical
Ecosystem: Debian
Package: node-tar
FLAT-ONSBI (MAL-2026-889)
Use of software with malware In responses-starter-app
5.2
Medium
Ecosystem: Npm
Package: responses-starter-app
FLAT-7P9WO (CVE-2025-69874)
Lack of data validation - Path Traversal In nanotar
2.7
Low
Ecosystem: Npm
Package: nanotar
FLAT-60G1E (CVE-2026-25480)
Improper resource allocation In litestar
1.7
Low
Ecosystem: PyPI
Package: litestar
FLAT-BQFF3 (CVE-2026-25479)
Asymmetric denial of service - ReDoS In litestar
2.7
Low
Ecosystem: PyPI
Package: litestar
FLAT-DV4IB (CVE-2026-25478)
Lack of data validation In litestar
5.7
Medium
Ecosystem: PyPI
Package: litestar
FLAT-68CFM (MAL-2026-799)
Use of software with malware In @rsgweb/rockstar-account
5.2
Medium
Ecosystem: Npm
Package: @rsgweb/rockstar-account
FLAT-6E64U (MAL-2026-758)
Use of software with malware In tailwindcss-forms-starter
5.2
Medium
Ecosystem: Npm
Package: tailwindcss-forms-starter
FLAT-87PUB (CVE-2020-12265)
Lack of data validation - Path Traversal In decompress-tar
0.6
Low
Ecosystem: Npm
Package: decompress-tar
FLAT-329GH (CVE-2017-8046)
Lack of data validation In org.springframework.boot:spring-boot-starter-data-rest
0.6
Low
Ecosystem: Maven
Package: org.springframework.boot:spring-boot-starter-data-rest
FLAT-H6X3E (JAVA-COMSTARKBANKELLIPTICCURVE-1913039)
Lack of data validation In com.starkbank.ellipticcurve:starkbank-ecdsa
0.6
Low
Ecosystem: Maven
Package: com.starkbank.ellipticcurve:starkbank-ecdsa
FLAT-LYUXH (MAL-2026-694)
Use of software with malware In tarax
5.2
Medium
Ecosystem: Npm
Package: tarax
FLAT-MLMT3 (CVE-2026-24842)
Lack of data validation - Path Traversal In tar
7.9
High
Ecosystem: Npm
Package: tar
FLAT-VLXU6 (CVE-2026-24909)
Lack of data validation - Path Traversal In @vltpkg/tar
3.7
Low
Ecosystem: Npm
Package: @vltpkg/tar
FLAT-02MG7 (CVE-2026-23950)
Lack of data validation - Path Traversal In tar
6.7
Medium
Ecosystem: Npm
Package: tar
FLAT-FEYD5 (CVE-2026-23745)
Lack of data validation - Path Traversal In node-tar
5.5
Medium
Ecosystem: Debian
Package: node-tar
FLAT-URXXX (CVE-2026-23520)
Remote command execution In github.com/getarcaneapp/arcane/backend
5.8
Medium
Ecosystem: Go
Package: github.com/getarcaneapp/arcane/backend
FLAT-5Z6VL (CVE-2026-22809)
Asymmetric denial of service - ReDoS In tarteaucitronjs
6.6
Medium
Ecosystem: Npm
Package: tarteaucitronjs
FLAT-8DWMO (MAL-2026-129)
Use of software with malware In aws-target-mediator
5.2
Medium
Ecosystem: Npm
Package: aws-target-mediator
FLAT-S3BMN (MAL-2025-192935)
Use of software with malware In ing-feat-mortgage-consent-starter
5.2
Medium
Ecosystem: Npm
Package: ing-feat-mortgage-consent-starter
FLAT-T72R9 (MAL-2025-192759)
Use of software with malware In start-log-plugin
5.2
Medium
Ecosystem: Npm
Package: start-log-plugin
FLAT-SQ9EO (MAL-2025-192758)
Use of software with malware In start-log-backend
5.2
Medium
Ecosystem: Npm
Package: start-log-backend
FLAT-3HK8R (MAL-2025-192738)
Use of software with malware In elf-stats-caroling-star-725
5.2
Medium
Ecosystem: Npm
Package: elf-stats-caroling-star-725