<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 17 Jun 2026 15:04:27 +0000</lastBuildDate>
    <item>
      <title>17cc7d1d-08f0-44fb-b6e4-1e7e0b7de45d</title>
      <link>https://vulnerability.circl.lu/sighting/17cc7d1d-08f0-44fb-b6e4-1e7e0b7de45d/export</link>
      <description>{"uuid": "17cc7d1d-08f0-44fb-b6e4-1e7e0b7de45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48779", "type": "published-proof-of-concept", "source": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p", "content": "", "creation_timestamp": "2026-05-22T18:05:36.000000Z"}</description>
      <content:encoded>{"uuid": "17cc7d1d-08f0-44fb-b6e4-1e7e0b7de45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48779", "type": "published-proof-of-concept", "source": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p", "content": "", "creation_timestamp": "2026-05-22T18:05:36.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/17cc7d1d-08f0-44fb-b6e4-1e7e0b7de45d/export</guid>
      <pubDate>Fri, 22 May 2026 18:05:36 +0000</pubDate>
    </item>
    <item>
      <title>22a4d6a3-af49-4b5d-a42a-ee11e2db122d</title>
      <link>https://vulnerability.circl.lu/sighting/22a4d6a3-af49-4b5d-a42a-ee11e2db122d/export</link>
      <description>{"uuid": "22a4d6a3-af49-4b5d-a42a-ee11e2db122d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48779", "type": "seen", "source": "https://gist.github.com/djlan/becffd7152d874641e42038b1b748f54", "content": "# PR \u89e3\u91ca: [SECURITY] bump ws from 6.2.3 to 6.2.4\n\nDependabot \u9488\u5bf9 CVE-2026-48779 \u9ad8\u5371\u5b89\u5168\u6f0f\u6d1e\uff0c\u5c06 WebSocket \u5e93 `ws` \u4ece 6.2.3 \u5347\u7ea7\u81f3 6.2.4\uff0c\u4fee\u590d\u4e86\u6d88\u606f\u5206\u7247\u5185\u5b58\u672a\u9650\u5236\u7684\u5b89\u5168\u95ee\u9898\u3002\n\n**PR \u94fe\u63a5**: https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412\n**\u4f5c\u8005**: Dependabot\n**\u72b6\u6001**: active\n**\u5206\u652f**: `dependabot/npm_and_yarn/ws-6.2.4-3632050` \u2192 `main`\n**\u53d8\u66f4\u7edf\u8ba1**: 4 files changed\n\n## \u76ee\u5f55\n- [\u53d8\u66f4\u6982\u89c8](#\u53d8\u66f4\u6982\u89c8)\n- [\u5f71\u54cd\u5206\u6790](#\u5f71\u54cd\u5206\u6790)\n\n---\n\n## \u53d8\u66f4\u6982\u89c8\n\n### 1. 
\u4f9d\u8d56\u7248\u672c\u58f0\u660e\u66f4\u65b0\n\n**\u76ee\u7684**: \u5c06 `ws` \u5305\u7684\u6700\u4f4e\u7248\u672c\u8981\u6c42\u4ece 6.2.3 \u63d0\u5347\u81f3 6.2.4\uff0c\u4ee5\u4fee\u590d CVE-2026-48779 \u9ad8\u5371\u5b89\u5168\u6f0f\u6d1e\uff08\u6d88\u606f\u5206\u7247\u4fdd\u7559\u672a\u505a\u9650\u5236\uff0c\u53ef\u5bfc\u81f4\u5185\u5b58\u8017\u5c3d\u653b\u51fb\uff09\u3002\n\n**\u6d89\u53ca\u6587\u4ef6**:\n- [extensions/common/package.json](https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412?path=/extensions/common/package.json&amp;amp;_a=files) \u2014 common \u6269\u5c55\u7684 ws \u4f9d\u8d56\u7248\u672c\u58f0\u660e\n- [extensions/remote/package.json](https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412?path=/extensions/remote/package.json&amp;amp;_a=files) \u2014 remote \u6269\u5c55\u7684 ws \u4f9d\u8d56\u7248\u672c\u58f0\u660e\n\n**\u5173\u952e\u53d8\u66f4**:\n1. **ws \u7248\u672c\u7ea6\u675f\u5347\u7ea7**: \u4e24\u4e2a package.json \u4e2d `\"ws\": \"^6.2.3\"` \u66f4\u65b0\u4e3a `\"ws\": \"^6.2.4\"`\uff0c\u786e\u4fdd\u5b89\u88c5\u65f6\u4e0d\u4f1a\u89e3\u6790\u5230\u542b\u6f0f\u6d1e\u7684\u65e7\u7248\u672c\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n\n---\n\n### 2. \u9501\u6587\u4ef6\u66f4\u65b0\uff08pnpm-lock.yaml\uff09\n\n**\u76ee\u7684**: \u9501\u5b9a\u5b9e\u9645\u5b89\u88c5\u7684 ws \u7248\u672c\u4e3a 6.2.4\uff0c\u540c\u65f6\u66f4\u65b0\u56e0\u4f9d\u8d56\u6811\u53d8\u5316\u800c\u53d7\u5f71\u54cd\u7684\u95f4\u63a5\u4f9d\u8d56\u89e3\u6790\u3002\n\n**\u6d89\u53ca\u6587\u4ef6**:\n- [pnpm-lock.yaml](https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412?path=/pnpm-lock.yaml&amp;amp;_a=files) \u2014 \u5168\u4ed3\u5e93\u4f9d\u8d56\u9501\u6587\u4ef6\n\n**\u5173\u952e\u53d8\u66f4**:\n1. 
**ws \u76f4\u63a5\u4f9d\u8d56\u9501\u5b9a**: `ws@6.2.3` \u2192 `ws@6.2.4`\uff0c\u5305\u542b\u5b89\u5168\u4fee\u590d\u8865\u4e01\uff08\u9650\u5236\u4fdd\u7559\u7684\u6d88\u606f\u5206\u7247\u6570\u91cf\uff09\u3002\n2. **ws \u95f4\u63a5\u5347\u7ea7**: `ws@8.18.3` \u2192 `ws@8.21.0`\uff0c\u88ab `@jupyterlab/services` \u548c `jsdom` \u7b49\u5305\u95f4\u63a5\u5f15\u7528\u3002\n3. **isomorphic-ws \u7ed1\u5b9a\u66f4\u65b0**: `isomorphic-ws@5.0.0(ws@6.2.3)` \u2192 `isomorphic-ws@5.0.0(ws@6.2.4)`\uff0c\u786e\u4fdd WebSocket \u9002\u914d\u5c42\u4f7f\u7528\u4fee\u590d\u540e\u7684\u7248\u672c\u3002\n4. **Babel \u76f8\u5173\u95f4\u63a5\u4f9d\u8d56\u5237\u65b0**: `@babel/code-frame`\u3001`@babel/helper-validator-identifier`\u3001`@babel/runtime` \u65b0\u589e 7.29.7 \u7248\u672c\u89e3\u6790\u6761\u76ee\uff0c\u5c5e\u4e8e `@testing-library/dom` \u4f9d\u8d56\u6811\u7684\u6b63\u5e38\u66f4\u65b0\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n\n---\n\n## \u5f71\u54cd\u5206\u6790\n\n- **\u5f71\u54cd\u8303\u56f4**: \u6240\u6709\u4f7f\u7528 WebSocket \u901a\u4fe1\u7684\u6a21\u5757\uff08common \u548c remote \u6269\u5c55\uff09\uff0c\u4ee5\u53ca\u901a\u8fc7 jsdom/jupyterlab \u95f4\u63a5\u4f7f\u7528 ws \u7684\u6d4b\u8bd5\u548c Notebook \u529f\u80fd\u3002\n- **\u7528\u6237\u611f\u77e5**: \u7528\u6237\u65e0\u611f\u77e5\u53d8\u5316\u3002\u6b64\u4e3a\u5b89\u5168\u8865\u4e01\u5347\u7ea7\uff0c\u4e0d\u5f71\u54cd\u529f\u80fd\u884c\u4e3a\uff0c\u4ec5\u4fee\u590d\u6f5c\u5728\u7684\u62d2\u7edd\u670d\u52a1\uff08DoS\uff09\u653b\u51fb\u5411\u91cf\u3002\n- **\u98ce\u9669\u70b9**:\n  1. 
**ws 8.x \u8de8\u5927\u7248\u672c\u8df3\u8dc3**: `ws@8.18.3` \u2192 `ws@8.21.0` \u8df3\u8dc3\u4e86\u591a\u4e2a\u6b21\u7248\u672c\uff0c\u867d\u7136 semver \u4fdd\u8bc1\u5411\u540e\u517c\u5bb9\uff0c\u4f46 `@jupyterlab/services` \u548c `jsdom` \u7684 WebSocket \u884c\u4e3a\u53ef\u80fd\u5b58\u5728\u7ec6\u5fae\u5dee\u5f02\uff0c\u5efa\u8bae\u8fd0\u884c\u96c6\u6210\u6d4b\u8bd5\u9a8c\u8bc1 Notebook \u8fde\u63a5\u548c DOM \u6a21\u62df\u573a\u666f\u3002\n  2. **Babel \u95f4\u63a5\u4f9d\u8d56\u53d8\u52a8**: \u65b0\u589e\u4e86 `@babel/code-frame@7.29.7` \u7b49\u6761\u76ee\uff0c\u5c5e\u4e8e lockfile \u89e3\u6790\u7684\u6b63\u5e38\u53d8\u52a8\uff0c\u98ce\u9669\u6781\u4f4e\uff0c\u4f46\u82e5\u6784\u5efa\u8fc7\u7a0b\u5bf9 Babel \u7248\u672c\u6709\u4e25\u683c\u7ea6\u675f\u9700\u7559\u610f\u3002\n  3. **\u8865\u4e01\u4ec5\u4e3a backport**: ws 6.2.4 \u662f\u5c06\u4e3b\u7ebf\u4fee\u590d\u56de\u79fb\u81f3 6.x \u5206\u652f\uff0c\u957f\u671f\u6765\u770b 6.x \u5df2\u63a5\u8fd1 EOL\uff0c\u5efa\u8bae\u540e\u7eed\u89c4\u5212\u5347\u7ea7\u5230 ws 8.x \u4e3b\u7ebf\u7248\u672c\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n", "creation_timestamp": "2026-06-17T00:09:20.000000Z"}</description>
      <content:encoded>{"uuid": "22a4d6a3-af49-4b5d-a42a-ee11e2db122d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48779", "type": "seen", "source": "https://gist.github.com/djlan/becffd7152d874641e42038b1b748f54", "content": "# PR \u89e3\u91ca: [SECURITY] bump ws from 6.2.3 to 6.2.4\n\nDependabot \u9488\u5bf9 CVE-2026-48779 \u9ad8\u5371\u5b89\u5168\u6f0f\u6d1e\uff0c\u5c06 WebSocket \u5e93 `ws` \u4ece 6.2.3 \u5347\u7ea7\u81f3 6.2.4\uff0c\u4fee\u590d\u4e86\u6d88\u606f\u5206\u7247\u5185\u5b58\u672a\u9650\u5236\u7684\u5b89\u5168\u95ee\u9898\u3002\n\n**PR \u94fe\u63a5**: https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412\n**\u4f5c\u8005**: Dependabot\n**\u72b6\u6001**: active\n**\u5206\u652f**: `dependabot/npm_and_yarn/ws-6.2.4-3632050` \u2192 `main`\n**\u53d8\u66f4\u7edf\u8ba1**: 4 files changed\n\n## \u76ee\u5f55\n- [\u53d8\u66f4\u6982\u89c8](#\u53d8\u66f4\u6982\u89c8)\n- [\u5f71\u54cd\u5206\u6790](#\u5f71\u54cd\u5206\u6790)\n\n---\n\n## \u53d8\u66f4\u6982\u89c8\n\n### 1. 
\u4f9d\u8d56\u7248\u672c\u58f0\u660e\u66f4\u65b0\n\n**\u76ee\u7684**: \u5c06 `ws` \u5305\u7684\u6700\u4f4e\u7248\u672c\u8981\u6c42\u4ece 6.2.3 \u63d0\u5347\u81f3 6.2.4\uff0c\u4ee5\u4fee\u590d CVE-2026-48779 \u9ad8\u5371\u5b89\u5168\u6f0f\u6d1e\uff08\u6d88\u606f\u5206\u7247\u4fdd\u7559\u672a\u505a\u9650\u5236\uff0c\u53ef\u5bfc\u81f4\u5185\u5b58\u8017\u5c3d\u653b\u51fb\uff09\u3002\n\n**\u6d89\u53ca\u6587\u4ef6**:\n- [extensions/common/package.json](https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412?path=/extensions/common/package.json&amp;amp;_a=files) \u2014 common \u6269\u5c55\u7684 ws \u4f9d\u8d56\u7248\u672c\u58f0\u660e\n- [extensions/remote/package.json](https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412?path=/extensions/remote/package.json&amp;amp;_a=files) \u2014 remote \u6269\u5c55\u7684 ws \u4f9d\u8d56\u7248\u672c\u58f0\u660e\n\n**\u5173\u952e\u53d8\u66f4**:\n1. **ws \u7248\u672c\u7ea6\u675f\u5347\u7ea7**: \u4e24\u4e2a package.json \u4e2d `\"ws\": \"^6.2.3\"` \u66f4\u65b0\u4e3a `\"ws\": \"^6.2.4\"`\uff0c\u786e\u4fdd\u5b89\u88c5\u65f6\u4e0d\u4f1a\u89e3\u6790\u5230\u542b\u6f0f\u6d1e\u7684\u65e7\u7248\u672c\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n\n---\n\n### 2. \u9501\u6587\u4ef6\u66f4\u65b0\uff08pnpm-lock.yaml\uff09\n\n**\u76ee\u7684**: \u9501\u5b9a\u5b9e\u9645\u5b89\u88c5\u7684 ws \u7248\u672c\u4e3a 6.2.4\uff0c\u540c\u65f6\u66f4\u65b0\u56e0\u4f9d\u8d56\u6811\u53d8\u5316\u800c\u53d7\u5f71\u54cd\u7684\u95f4\u63a5\u4f9d\u8d56\u89e3\u6790\u3002\n\n**\u6d89\u53ca\u6587\u4ef6**:\n- [pnpm-lock.yaml](https://dev.azure.com/msdata/A365/_git/vscode-trident/pullrequest/2155412?path=/pnpm-lock.yaml&amp;amp;_a=files) \u2014 \u5168\u4ed3\u5e93\u4f9d\u8d56\u9501\u6587\u4ef6\n\n**\u5173\u952e\u53d8\u66f4**:\n1. 
**ws \u76f4\u63a5\u4f9d\u8d56\u9501\u5b9a**: `ws@6.2.3` \u2192 `ws@6.2.4`\uff0c\u5305\u542b\u5b89\u5168\u4fee\u590d\u8865\u4e01\uff08\u9650\u5236\u4fdd\u7559\u7684\u6d88\u606f\u5206\u7247\u6570\u91cf\uff09\u3002\n2. **ws \u95f4\u63a5\u5347\u7ea7**: `ws@8.18.3` \u2192 `ws@8.21.0`\uff0c\u88ab `@jupyterlab/services` \u548c `jsdom` \u7b49\u5305\u95f4\u63a5\u5f15\u7528\u3002\n3. **isomorphic-ws \u7ed1\u5b9a\u66f4\u65b0**: `isomorphic-ws@5.0.0(ws@6.2.3)` \u2192 `isomorphic-ws@5.0.0(ws@6.2.4)`\uff0c\u786e\u4fdd WebSocket \u9002\u914d\u5c42\u4f7f\u7528\u4fee\u590d\u540e\u7684\u7248\u672c\u3002\n4. **Babel \u76f8\u5173\u95f4\u63a5\u4f9d\u8d56\u5237\u65b0**: `@babel/code-frame`\u3001`@babel/helper-validator-identifier`\u3001`@babel/runtime` \u65b0\u589e 7.29.7 \u7248\u672c\u89e3\u6790\u6761\u76ee\uff0c\u5c5e\u4e8e `@testing-library/dom` \u4f9d\u8d56\u6811\u7684\u6b63\u5e38\u66f4\u65b0\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n\n---\n\n## \u5f71\u54cd\u5206\u6790\n\n- **\u5f71\u54cd\u8303\u56f4**: \u6240\u6709\u4f7f\u7528 WebSocket \u901a\u4fe1\u7684\u6a21\u5757\uff08common \u548c remote \u6269\u5c55\uff09\uff0c\u4ee5\u53ca\u901a\u8fc7 jsdom/jupyterlab \u95f4\u63a5\u4f7f\u7528 ws \u7684\u6d4b\u8bd5\u548c Notebook \u529f\u80fd\u3002\n- **\u7528\u6237\u611f\u77e5**: \u7528\u6237\u65e0\u611f\u77e5\u53d8\u5316\u3002\u6b64\u4e3a\u5b89\u5168\u8865\u4e01\u5347\u7ea7\uff0c\u4e0d\u5f71\u54cd\u529f\u80fd\u884c\u4e3a\uff0c\u4ec5\u4fee\u590d\u6f5c\u5728\u7684\u62d2\u7edd\u670d\u52a1\uff08DoS\uff09\u653b\u51fb\u5411\u91cf\u3002\n- **\u98ce\u9669\u70b9**:\n  1. 
**ws 8.x \u8de8\u5927\u7248\u672c\u8df3\u8dc3**: `ws@8.18.3` \u2192 `ws@8.21.0` \u8df3\u8dc3\u4e86\u591a\u4e2a\u6b21\u7248\u672c\uff0c\u867d\u7136 semver \u4fdd\u8bc1\u5411\u540e\u517c\u5bb9\uff0c\u4f46 `@jupyterlab/services` \u548c `jsdom` \u7684 WebSocket \u884c\u4e3a\u53ef\u80fd\u5b58\u5728\u7ec6\u5fae\u5dee\u5f02\uff0c\u5efa\u8bae\u8fd0\u884c\u96c6\u6210\u6d4b\u8bd5\u9a8c\u8bc1 Notebook \u8fde\u63a5\u548c DOM \u6a21\u62df\u573a\u666f\u3002\n  2. **Babel \u95f4\u63a5\u4f9d\u8d56\u53d8\u52a8**: \u65b0\u589e\u4e86 `@babel/code-frame@7.29.7` \u7b49\u6761\u76ee\uff0c\u5c5e\u4e8e lockfile \u89e3\u6790\u7684\u6b63\u5e38\u53d8\u52a8\uff0c\u98ce\u9669\u6781\u4f4e\uff0c\u4f46\u82e5\u6784\u5efa\u8fc7\u7a0b\u5bf9 Babel \u7248\u672c\u6709\u4e25\u683c\u7ea6\u675f\u9700\u7559\u610f\u3002\n  3. **\u8865\u4e01\u4ec5\u4e3a backport**: ws 6.2.4 \u662f\u5c06\u4e3b\u7ebf\u4fee\u590d\u56de\u79fb\u81f3 6.x \u5206\u652f\uff0c\u957f\u671f\u6765\u770b 6.x \u5df2\u63a5\u8fd1 EOL\uff0c\u5efa\u8bae\u540e\u7eed\u89c4\u5212\u5347\u7ea7\u5230 ws 8.x \u4e3b\u7ebf\u7248\u672c\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n", "creation_timestamp": "2026-06-17T00:09:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/22a4d6a3-af49-4b5d-a42a-ee11e2db122d/export</guid>
      <pubDate>Wed, 17 Jun 2026 00:09:20 +0000</pubDate>
    </item>
    <item>
      <title>98b5e9cb-20e2-4dcc-ac9b-57df21ad05cc</title>
      <link>https://vulnerability.circl.lu/sighting/98b5e9cb-20e2-4dcc-ac9b-57df21ad05cc/export</link>
      <description>{"uuid": "98b5e9cb-20e2-4dcc-ac9b-57df21ad05cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48779", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moh44f7g7h2h", "content": "CVE-2026-48779 - ws: Memory exhaustion DoS from tiny fragments and data chunks\nCVE ID : CVE-2026-48779\n \n Published : June 16, 2026, 9:26 p.m. | 2\u00a0hours, 6\u00a0minutes ago\n \n Description : ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to ...", "creation_timestamp": "2026-06-17T00:55:40.769044Z"}</description>
      <content:encoded>{"uuid": "98b5e9cb-20e2-4dcc-ac9b-57df21ad05cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48779", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moh44f7g7h2h", "content": "CVE-2026-48779 - ws: Memory exhaustion DoS from tiny fragments and data chunks\nCVE ID : CVE-2026-48779\n \n Published : June 16, 2026, 9:26 p.m. | 2\u00a0hours, 6\u00a0minutes ago\n \n Description : ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to ...", "creation_timestamp": "2026-06-17T00:55:40.769044Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/98b5e9cb-20e2-4dcc-ac9b-57df21ad05cc/export</guid>
      <pubDate>Wed, 17 Jun 2026 00:55:40 +0000</pubDate>
    </item>
  </channel>
</rss>
