34 matches found

RedhatCVE
added 2026/01/09 9:13 a.m. | 7 views

CVE-2022-31128

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via th...

CVSS 5.4 | AI score 6.8 | EPSS 0.00157
Exploits: 0 | References: 1
OSV
added 2025/12/30 1:49 a.m. | 2 views

GO-2025-4263 Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

Gitea allows XSS because the search input box for creating tags and branches is v-html instead of v-text in code.gitea.io/gitea...

CVSS 5.4 | AI score 6 | EPSS 0.00008
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-17232

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7 | EPSS 0.00082
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-47587

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.3 | EPSS 0.0007
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-42999

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00146
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-23205

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 6.3 | EPSS 0.00187
Exploits: 1 | References: 5
Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-3639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all...

CVSS 7.5 | AI score 7.2 | EPSS 0.00146
Exploits: 0 | References: 2
Veracode
added 2025/08/13 10:40 a.m. | 2 views

Improper Authorization

@finos/git-proxy is vulnerable to Improper Authorization. The vulnerability is due to improper validation of branch creation workflows due to the way GitProxy handles new branch creation, allowing attackers to bypass approval of prior commits on the parent branch...

CVSS 8.2 | AI score 7.1 | EPSS 0.00187
Exploits: 1 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/08/02 8:22 p.m. | 4 views

CVE-2025-54585

GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...

CVSS 8.2 | AI score 6.2 | EPSS 0.00187
Exploits: 1 | References: 1
NVD
added 2025/07/30 9:15 p.m. | 4 views

CVE-2025-54585

GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...

CVSS 8.2 | EPSS 0.00187
Exploits: 1 | References: 4
Snyk
added 2025/07/30 8:44 p.m. | 1 view

Improper Authorization

Overview: @finos/git-proxy is a package to deploy custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Improper Authorization via the getDiff.ts and parsePush.ts files, when handling new branch creation. An attacker can bypass required approvals for prior...

CVSS 8.2 | AI score 6.8 | EPSS 0.00187
Exploits: 1 | References: 2
CVE
added 2025/07/30 8:17 p.m. | 16 views

CVE-2025-54585

GitProxy (versions ≤ 1.19.1) is vulnerable to a new-branch approval exploit: nearby commits on a parent branch can be pushed without proper approval due to how new branches are detected (uses a zero-hash check). The issue requires only regular push access and no extra user interaction, but it doe...

CVSS 8.2 | AI score 6.5 | EPSS 0.00187
Exploits: 1 | References: 4 | Affected Software: 1
GitHub Security Blog
added 2025/07/30 4:40 p.m. | 8 views

GitProxy New Branch Approval Exploit

Summary: An attacker can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. Because it can greatly affect system integrity, we classify this as a High impact vulnerability. Details: GitProxy checks for the...

CVSS 8.2 | AI score 7.1 | EPSS 0.00187
Exploits: 1 | References: 6 | Affected Software: 1
CNNVD
added 2025/07/30 12:0 a.m. | 2 views

The Fintech Open Source Foundation GitProxy authorization issue vulnerability

The Fintech Open Source Foundation GitProxy is a tool from The Fintech Open Source Foundation for deploying custom push protections and policies on top of Git. An authorization issue vulnerability exists in The Fintech Open Source Foundation GitProxy 1.19.1 and prior versions, which stems from t...

CVSS 8.2 | AI score 6.4 | EPSS 0.00187
Exploits: 1 | References: 4
RedhatCVE
added 2025/05/23 10:31 a.m. | 5 views

CVE-2024-6502

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag...

CVSS 6.5 | AI score 6.3 | EPSS 0.0007
Exploits: 0 | References: 1
OSV
added 2024/08/26 8:29 a.m. | 20 views

BIT-GITLAB-2024-6502 Incorrect Provision of Specified Functionality in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag...

CVSS 6.5 | AI score 5.4 | EPSS 0.0007
Exploits: 0 | References: 3
NVD
added 2024/08/22 4:15 p.m. | 15 views

CVE-2024-6502

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag...

CVSS 6.5 | EPSS 0.0007
Exploits: 0 | References: 2
OSV
added 2024/08/22 4:15 p.m. | 0 views

UBUNTU-CVE-2024-6502

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag...

CVSS 6.5 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 4
Vulnrichment
added 2024/08/22 3:30 p.m. | 12 views

CVE-2024-6502 Incorrect Provision of Specified Functionality in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag...

CVSS 5.7 | AI score 6.5 | EPSS 0.0007
Exploits: 0 | References: 2
CVE
added 2024/08/22 3:30 p.m. | 64 views

CVE-2024-6502

GitLab CVE-2024-6502 affects GitLab CE/EE: versions from 8.2 up to 17.1.6, from 17.2 up to 17.2.4, and from 17.3 up to 17.3.1 are vulnerable to an issue that allows an attacker to create a branch with the same name as a deleted tag. The connected documents confirm the affected version ranges and ...

CVSS 6.5 | AI score 6.5 | EPSS 0.0007
Exploits: 0 | References: 2 | Affected Software: 1