28 matches found
EUVD-2022-6005
Malicious code in bioql PyPI...
EUVD-2022-6192
Malicious code in bioql PyPI...
EUVD-2022-5965
Malicious code in bioql PyPI...
@basket/get (>=1.1.0 <=1.2.2), @bitovi/incremental (>=1.0.0 <=1.0.2) +50 more potentially affected by CVE-2022-37259 via steal (>=0.12.9 <=2.3.0)
steal NPM version =0.12.9, =1.1.0, =1.0.0, =1.0.0, =0.0.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1-0, =0.3.0, =1.0.0, =0.4.0, =0.7.3 and more Source cves: CVE-2022-37259 Source advisory: OSV:GHSA-RGQX-226F-2XP4...
@basket/get (>=1.1.0 <=1.2.2), @bitovi/incremental (>=1.0.0 <=1.0.2) +50 more potentially affected by CVE-2022-37257 via steal (>=0.12.9 <=2.3.0)
steal NPM version =0.12.9, =1.1.0, =1.0.0, =1.0.0, =0.0.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1-0, =0.3.0, =1.0.0, =0.4.0, =0.7.3 and more Source cves: CVE-2022-37257 Source advisory: OSV:GHSA-93Q5-3XPC-8VG3...
@basket/get (>=1.1.0 <=1.2.2), @bitovi/incremental (>=1.0.0 <=1.0.2) +50 more potentially affected by CVE-2022-37264 via steal (>=0.12.9 <=2.3.0)
steal NPM version =0.12.9, =1.1.0, =1.0.0, =1.0.0, =0.0.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1-0, =0.3.0, =1.0.0, =0.4.0, =0.7.3 and more Source cves: CVE-2022-37264 Source advisory: OSV:GHSA-8F8G-9J73-7P82...
CVE-2022-31038
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...
CVE-2022-1986
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9...
CVE-2022-1992
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9...
CVE-2022-1993
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9...
CVE-2022-1993
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9...
Command injection
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9...
Path traversal
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9...
CVE-2022-1993
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9...
CVE-2022-1986 OS Command Injection in gogs/gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9...
Gogs path traversal vulnerability
Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.9, which stems from a path...
Gogs path traversal vulnerability
Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.9, which stems from a path...
Gogs cross-site scripting vulnerability
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A cross-site scripting vulnerability exists in Gogs versions prior to...
Gogs OS command injection vulnerability
Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.9, which stems from an OS...
OS Command Injection in file editor in Gogs
Impact: The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled by default are affected. Patches: File deletions are prohibited to repository...