📦 Melange

by Chainguard

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2026-25143

HIGH CVSS 7.8 Feb 4, 2026

This vulnerability allows attackers to execute arbitrary shell commands on the build host by injecting shell metacharacters into melange's patch pipeline inputs. It affects users of melange from versi...

CVE-2026-24843

HIGH CVSS 8.2 Feb 4, 2026

CVE-2026-24843 is a path traversal vulnerability in melange that allows attackers to write files outside the intended workspace directory. Attackers who can influence tar streams from QEMU guest VMs c...

CVE-2026-24844

HIGH CVSS 7.9 Feb 4, 2026

This vulnerability allows attackers to execute arbitrary shell commands in melange pipelines when they can provide build input values. The issue occurs when ${{vars.*}} or ${{inputs.*}} substitutions ...

CVE-2026-25145

MEDIUM CVSS 5.5 Feb 4, 2026

This vulnerability in melange allows attackers to read arbitrary files from the host system through path traversal in license file paths. Attackers who can influence melange configuration files (e.g.,...