Closed
2 changes: 2 additions & 0 deletions threat_intel/README.md
Expand Up @@ -20,3 +20,5 @@ the entries against current advisories before production use.
| [`shopsprint-decimal-typosquat.json`](shopsprint-decimal-typosquat.json) | Go `github.com/shopsprint/decimal` v1.3.3 typosquat with DNS TXT backdoor | [Socket, 2026-05-19](https://socket.dev/blog/popular-go-decimal-library-typosquat-dns-backdoor) |
| [`gemstuffer.json`](gemstuffer.json) | GemStuffer RubyGems exfiltration campaign (123 gems / 155 versions) targeting UK local government | [Socket, 2026-05-13](https://socket.dev/blog/gemstuffer) |
| [`trapdoor-crypto-stealer.json`](trapdoor-crypto-stealer.json) | TrapDoor Crypto Stealer cross-ecosystem credential/wallet stealer across npm, PyPI, and Cargo/Crates.io (28 npm/PyPI entries / 378 versions; 6 Cargo packages documented under `_cargo_packages`, not matched until Cargo support lands) | [Socket, 2026-05-24](https://socket.dev/blog/trapdoor-crypto-stealer-npm-pypi-crates) |
| [`conda-forge-metadata-2025-03-04.json`](conda-forge-metadata-2025-03-04.json) | `conda-forge-metadata` PyPI package <=0.4.1 dependency-confusion RCE via the unregistered `conda-oci-mirror` optional dep (`[oci]` extras). Fixed upstream by claiming the PyPI placeholder name; affected installed releases are 0.3.0 and 0.4.1 | [GHSA-vwfh-m3q7-9jpw, 2025-03-04](https://github.com/conda-forge/conda-forge-metadata/security/advisories/GHSA-vwfh-m3q7-9jpw) |
| [`conda-tooling-7asecurity-2025-06-14.json`](conda-tooling-7asecurity-2025-06-14.json) | Three CVEs against conda-channel-distributed conda tooling disclosed by the 7ASecurity OSTIF/STA audit: `conda-build` <=25.3.2 recipe-selector RCE (CVE-2025-32798) and Tarslip path traversal (CVE-2025-32799), plus `conda-smithy` <=3.47.0 RSA padding-oracle in `travis_encrypt_binstar_token` (CVE-2025-49824). `ecosystem: "conda"` — matched by the conda-meta scanner once that lands. | [conda-forge audit summary, 2025-07-16](https://conda-forge.org/blog/2025/07/16/security-audit/) |
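Review bot: the two new rows phrase their match status differently from the rows above them, and the conda-tooling row mixes an inline `ecosystem: "conda"` literal with a trailing sentence and a closing period that no other row has. The Cargo row uses "not matched until Cargo support lands"; suggest the same shape here, e.g. `... (CVE-2025-49824). Not matched until the conda-meta scanner lands`, with the ecosystem literal left to the JSON. The conda-forge-metadata row should also make clear that the listed 0.3.0 and 0.4.1 are flagged for inventory only, since the advisory it links says no user action is required; otherwise a reader of the README will expect an upgrade path the JSON entry deliberately does not carry.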
27 changes: 27 additions & 0 deletions threat_intel/conda-forge-metadata-2025-03-04.json
@@ -0,0 +1,27 @@
{
"schema_version": "0.1.0",
"_comment": "CVE-2025-27510 / GHSA-vwfh-m3q7-9jpw: conda-forge-metadata <=0.4.1 declares an optional dependency on `conda-oci-mirror` (an unregistered PyPI name) under its `[oci]` extras. A user who runs `pip install conda-forge-metadata[oci]` would have pip resolve `conda-oci-mirror` from PyPI; an attacker who registered that name on PyPI before the conda-forge team did would achieve remote code execution at install time. The advisory is `affected versions: 0.4.1 <=`; PyPI's release history shows exactly two releases at or below 0.4.1 (0.3.0 published 2023-04-09 and 0.4.1 published 2023-04-21 — there is no 0.1.x/0.2.x/0.4.0 release). 0.5.0 (2023-05-17) is the first non-affected release. The fix was applied upstream by registering the placeholder package, so the advisory header states `addressed and no further action is required from users for future or past versions`; we still catalog the affected installed versions so an inventory scan can flag hosts that pinned a pre-0.5.0 release. Ecosystem is `pypi` because conda-forge-metadata is distributed via PyPI, not via the conda-forge channel. Pixi users picking up conda tooling via pixi.lock's pypi section, or anyone with a `pip install conda-forge-metadata` in their environment, would surface here.",
"entries": [
{
"id": "ghsa-vwfh-m3q7-9jpw-conda-forge-metadata-dependency-confusion",
"name": "conda-forge-metadata <=0.4.1 (CVE-2025-27510 dependency-confusion RCE via unregistered conda-oci-mirror PyPI name)",
"ecosystem": "pypi",
"package": "conda-forge-metadata",
"versions": [
"0.3.0",
"0.4.1"
],
"severity": "critical",
"source": "https://github.com/conda-forge/conda-forge-metadata/security/advisories/GHSA-vwfh-m3q7-9jpw",
"cve": "CVE-2025-27510",
"ghsa": "GHSA-vwfh-m3q7-9jpw",
"cvss": "9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)",
"published": "2025-03-04",
"indicators": {
"vulnerable_install_command": "pip install conda-forge-metadata[oci]",
"unregistered_dependency_name": "conda-oci-mirror",
"fix_strategy": "upstream-side; conda-forge claimed the placeholder PyPI name, so no version bump on conda-forge-metadata itself"
}
}
]
}
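Review bot: this entry omits `patched_version` although `_comment` identifies 0.5.0 as the first non-affected release, and the conda-tooling entries in the same PR carry `patched_version`; suggest adding `"patched_version": "0.5.0"` (or a one-line note in `_comment` saying it is intentionally absent) so consumers do not read the missing field as "no fix available". Two smaller points in `_comment`: `affected versions: 0.4.1 <=` reads backwards and should presumably be `<= 0.4.1`, and since the advisory itself says no action is required from users, a `critical` hit on an installed 0.3.0 or 0.4.1 will alert someone who cannot act on it; consider carrying the "placeholder name already claimed upstream" status in the entry `name` so the alert text itself explains why the match is informational.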
107 changes: 107 additions & 0 deletions threat_intel/conda-tooling-7asecurity-2025-06-14.json
@@ -0,0 +1,107 @@
{
"schema_version": "0.1.0",
"_comment": "Cluster of three GitHub Security Advisories published 2025-06-14 against conda-channel-distributed conda tooling, all surfaced by the 7ASecurity audit conducted under OSTIF/STA sponsorship in March-April 2025. Two are in conda-build (the conda-recipe build system) and one is in conda-smithy (the conda-forge feedstock automation). All three ship via conda-forge as conda packages; their PyPI namesakes (`conda-build`, `conda-smithy`) are inert placeholders that point readers to the conda channel, so these advisories are matched as `ecosystem: \"conda\"` against conda-meta records produced by the conda scanner added in PR #36. Until that scanner lands these entries are inert. Affected versions per advisory are stated as `<=X.Y.Z`; we enumerate every conda-forge release at or below the cutoff per the project's exposure-catalog convention (cf. laravel-lang-2026-05-23.json which enumerated 730 releases). The audit's broader CVE set also covered infrastructure issues (CVE-2025-31484 token exposure, CVE-2025-49823 staged-recipes weak permissions, CVE-2025-32784 / -32797 conda-smithy CI hardening) which are not catalogable as on-disk package presence; see https://conda-forge.org/blog/2025/07/16/security-audit/ for the full audit summary.",
"entries": [
{
"id": "ghsa-6cc8-c3c9-3rgr-conda-build-recipe-selector-rce",
"name": "conda-build <=25.3.2 (CVE-2025-32798: arbitrary code execution via malicious recipe selectors)",
"ecosystem": "conda",
"package": "conda-build",
"versions": [
"2.0.12", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.1.6", "2.1.7", "2.1.8", "2.1.9", "2.1.10",
"2.1.15", "2.1.16", "2.1.17", "2.1.18", "3.4.1", "3.4.2", "3.5.1", "3.6.0", "3.7.0", "3.7.1",
"3.7.2", "3.8.0", "3.8.1", "3.9.1", "3.9.2", "3.10.1", "3.10.2", "3.10.3", "3.10.4", "3.10.5",
"3.10.6", "3.10.7", "3.10.8", "3.10.9", "3.11.0", "3.12.0", "3.12.1", "3.13.0", "3.14.0", "3.14.1",
"3.14.2", "3.14.4", "3.15.1", "3.16.0", "3.16.1", "3.16.2", "3.16.3", "3.17.0", "3.17.1", "3.17.3",
"3.17.4", "3.17.5", "3.17.7", "3.17.8", "3.18.1", "3.18.2", "3.18.3", "3.18.4", "3.18.5", "3.18.6",
"3.18.7", "3.18.8", "3.18.9", "3.18.10", "3.18.11", "3.18.12", "3.19.0", "3.19.1", "3.19.2", "3.20.0",
"3.20.1", "3.20.2", "3.20.3", "3.20.4", "3.20.5", "3.21.0", "3.21.1", "3.21.3", "3.21.4", "3.21.6",
"3.21.7", "3.21.8", "3.21.9", "3.22.0", "3.23.0", "3.23.1", "3.23.2", "3.23.3", "3.24.0", "3.25.0",
"3.26.0", "3.26.1", "3.27.0", "3.28.0", "3.28.1", "3.28.2", "3.28.3", "3.28.4", "24.1.2", "24.3.0",
"24.5.0", "24.5.1", "24.7.1", "24.9.0", "24.11.1", "24.11.2", "25.1.1", "25.1.2", "25.3.0", "25.3.1",
"25.3.2"
],
"severity": "high",
"source": "https://github.com/conda/conda-build/security/advisories/GHSA-6cc8-c3c9-3rgr",
"cve": "CVE-2025-32798",
"ghsa": "GHSA-6cc8-c3c9-3rgr",
"published": "2025-06-14",
"patched_version": "25.4.0",
"indicators": {
"vector": "conda-build recipe processing logic evaluates user-controlled selector expressions unsafely; building a recipe authored by an untrusted party can execute arbitrary code in the builder context",
"audit_source": "7ASecurity OSTIF/STA-sponsored conda-forge audit, Mar-Apr 2025"
}
},
{
"id": "ghsa-h499-pxgj-qh5h-conda-build-tarslip",
"name": "conda-build <=25.3.2 (CVE-2025-32799: path traversal / Tarslip via crafted tar archive)",
"ecosystem": "conda",
"package": "conda-build",
"versions": [
"2.0.12", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.1.6", "2.1.7", "2.1.8", "2.1.9", "2.1.10",
"2.1.15", "2.1.16", "2.1.17", "2.1.18", "3.4.1", "3.4.2", "3.5.1", "3.6.0", "3.7.0", "3.7.1",
"3.7.2", "3.8.0", "3.8.1", "3.9.1", "3.9.2", "3.10.1", "3.10.2", "3.10.3", "3.10.4", "3.10.5",
"3.10.6", "3.10.7", "3.10.8", "3.10.9", "3.11.0", "3.12.0", "3.12.1", "3.13.0", "3.14.0", "3.14.1",
"3.14.2", "3.14.4", "3.15.1", "3.16.0", "3.16.1", "3.16.2", "3.16.3", "3.17.0", "3.17.1", "3.17.3",
"3.17.4", "3.17.5", "3.17.7", "3.17.8", "3.18.1", "3.18.2", "3.18.3", "3.18.4", "3.18.5", "3.18.6",
"3.18.7", "3.18.8", "3.18.9", "3.18.10", "3.18.11", "3.18.12", "3.19.0", "3.19.1", "3.19.2", "3.20.0",
"3.20.1", "3.20.2", "3.20.3", "3.20.4", "3.20.5", "3.21.0", "3.21.1", "3.21.3", "3.21.4", "3.21.6",
"3.21.7", "3.21.8", "3.21.9", "3.22.0", "3.23.0", "3.23.1", "3.23.2", "3.23.3", "3.24.0", "3.25.0",
"3.26.0", "3.26.1", "3.27.0", "3.28.0", "3.28.1", "3.28.2", "3.28.3", "3.28.4", "24.1.2", "24.3.0",
"24.5.0", "24.5.1", "24.7.1", "24.9.0", "24.11.1", "24.11.2", "25.1.1", "25.1.2", "25.3.0", "25.3.1",
"25.3.2"
],
"severity": "high",
"source": "https://github.com/conda/conda-build/security/advisories/GHSA-h499-pxgj-qh5h",
"cve": "CVE-2025-32799",
"ghsa": "GHSA-h499-pxgj-qh5h",
"published": "2025-06-14",
"patched_version": "25.4.0",
"indicators": {
"vector": "conda-build tar extraction does not sanitize entry paths; a malicious archive can write files outside the intended destination (Tarslip / CVE-2007-4559 family)",
"audit_source": "7ASecurity OSTIF/STA-sponsored conda-forge audit, Mar-Apr 2025"
}
},
{
"id": "ghsa-2xf4-hg9q-m58q-conda-smithy-padding-oracle",
"name": "conda-smithy <=3.47.0 (CVE-2025-49824: RSA PKCS#1 v1.5 padding-oracle in travis_encrypt_binstar_token)",
"ecosystem": "conda",
"package": "conda-smithy",
"versions": [
"0.1.0dev", "0.2", "0.3", "0.3.1", "0.4.2", "0.5.1", "0.6.0", "0.6.1", "0.7.1", "0.7.2",
"0.8.0", "0.8.2", "0.8.3", "0.8.4", "0.9.0", "0.9.1", "0.9.2", "0.10.3", "0.10.4", "0.10.5",
"1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.3.0", "1.3.1",
"1.3.2", "1.3.3", "1.4.0", "1.4.1", "1.4.2", "1.4.3", "1.4.4", "1.4.5", "1.4.6", "1.5.0",
"1.5.1", "1.5.2", "1.5.3", "1.6.0", "1.6.1", "1.7.0", "2.0.0", "2.0.1", "2.1.0", "2.1.1",
"2.2.0", "2.2.1", "2.2.2", "2.3.0", "2.3.1", "2.3.2", "2.3.3", "2.4.0", "2.4.1", "2.4.2",
"2.4.3", "2.4.4", "2.4.5", "3.0.0", "3.1.0", "3.1.1", "3.1.2", "3.1.3", "3.1.4", "3.1.5",
"3.1.6", "3.1.8", "3.1.9", "3.1.10", "3.1.11", "3.1.12", "3.2.2", "3.2.6", "3.2.7", "3.2.8",
"3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.3.0", "3.3.1", "3.3.2", "3.3.3",
"3.3.4", "3.3.6", "3.3.7", "3.4.0", "3.4.1", "3.4.2", "3.4.3", "3.4.4", "3.4.5", "3.4.6",
"3.4.7", "3.4.8", "3.5.0", "3.6.0", "3.6.1", "3.6.2", "3.6.3", "3.6.4", "3.6.5", "3.6.6",
"3.6.7", "3.6.8", "3.6.9", "3.6.10", "3.6.11", "3.6.12", "3.6.13", "3.6.14", "3.6.15", "3.6.16",
"3.6.17", "3.7.0", "3.7.1", "3.7.2", "3.7.3", "3.7.4", "3.7.5", "3.7.6", "3.7.7", "3.7.8",
"3.7.9", "3.7.10", "3.8.0", "3.8.1", "3.8.2", "3.8.4", "3.8.5", "3.8.6", "3.9.0", "3.10.0",
"3.10.1", "3.10.2", "3.10.3", "3.11.0", "3.12", "3.13.0", "3.14.0", "3.14.1", "3.14.2", "3.14.3",
"3.15.0", "3.15.1", "3.16.0", "3.16.1", "3.16.2", "3.17.0", "3.17.1", "3.17.2", "3.18.0", "3.19.0",
"3.20.0", "3.21.0", "3.21.1", "3.21.2", "3.21.3", "3.22.0", "3.22.1", "3.23.0", "3.23.1", "3.24.0",
"3.24.1", "3.25.0", "3.25.1", "3.26.0", "3.26.1", "3.26.2", "3.26.3", "3.27.0", "3.27.1", "3.28.0",
"3.29.0", "3.30.0", "3.30.1", "3.30.2", "3.30.3", "3.30.4", "3.31.0", "3.31.1", "3.32.0", "3.33.0",
"3.34.0", "3.34.1", "3.35.0", "3.35.1", "3.36.0", "3.36.1", "3.36.2", "3.37.0", "3.37.1", "3.37.2",
"3.38.0", "3.39.0", "3.39.1", "3.40.0", "3.40.1", "3.41.0", "3.41.1", "3.42.0", "3.42.1", "3.42.2",
"3.43.0", "3.43.1", "3.43.2", "3.44.0", "3.44.2", "3.44.3", "3.44.4", "3.44.5", "3.44.6", "3.44.7",
"3.44.8", "3.44.9", "3.45.0", "3.45.1", "3.45.2", "3.45.3", "3.45.4", "3.46.0", "3.46.1", "3.47.0"
],
"severity": "medium",
"source": "https://github.com/conda-forge/conda-smithy/security/advisories/GHSA-2xf4-hg9q-m58q",
"cve": "CVE-2025-49824",
"ghsa": "GHSA-2xf4-hg9q-m58q",
"published": "2025-06-14",
"patched_version": "3.47.1",
"indicators": {
"vector": "travis_encrypt_binstar_token used RSA PKCS#1 v1.5 padding instead of OAEP; an attacker with oracle access could iteratively recover the plaintext token (Bleichenbacher-style attack)",
"audit_source": "7ASecurity OSTIF/STA-sponsored conda-forge audit, Mar-Apr 2025"
}
}
]
}
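Review bot: the conda-smithy `versions` list contains strings a normalizing matcher may mishandle: `0.1.0dev` and the two-component `0.2`, `0.3` and `3.12`. If the conda-meta scanner compares parsed versions, `3.12` and `3.12.0` must compare equal and `0.1.0dev` must parse without raising; if it compares raw strings, these must match what the conda-meta records actually contain. Please state which in `_comment` or add these four as test cases when the scanner lands. Two further points: the two conda-build entries carry identical `versions` arrays, so a shared list or a list generated from `patched_version` would stop them drifting apart on the next update; and none of the three entries has the `cvss` field that the conda-forge-metadata entry in this PR provides, so the `high`/`medium` severities here are unsupported by a score.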