405 matches found
Improper Validation of Function Hook Arguments
Overview Affected versions of this package are vulnerable to Improper Validation of Function Hook Arguments in the /api/webhook endpoint via the affectedRevisionInfo function. An attacker can cause the server process to crash and disrupt service availability by sending a Gogs push event whose JSO...
Linux kernel Security Vulnerability
Linux kernel is the kernel of Linux, the open-source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from work items not being disabled in hci_unregister_dev, which may cause new commits to be undesirable...
PatchSeeker: Mapping NVD Records to Their Vulnerability-Fixing Commits with LLM Generated Commits and Embeddings
Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database (NVD) is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding Vulnerability-Fixing Commits (VFCs). VFCs encode precise code...
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the key exchange process. An attacker can cause gradual memory exhaustion and potential application crashes by repeatedly initiating key exchanges with incorrect guesses as an...
GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms
Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver malware to unsuspecting users looking for popular tools like GitHub Desktop. While malvertising campaigns have become commonplace in recent years, the late...
Linux Distros Unpatched Vulnerability : CVE-2024-3114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the...
Linux Distros Unpatched Vulnerability : CVE-2023-2190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all...
Linux Distros Unpatched Vulnerability : CVE-2024-4901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1...
Malicious code in @flutter-global/uki-gaming-commits (npm)
The package @flutter-global/uki-gaming-commits was found to contain malicious code...
MAL-2025-7935 Malicious code in @flutter-global/uki-gaming-commits (npm)
The package @flutter-global/uki-gaming-commits was found to contain malicious code...
CVE-2025-8941
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...
Sensitive Data Exposure
@finos/git-proxy is vulnerable to sensitive data exposure. The vulnerability is due to improper validation of commits in the pack sent to GitHub, which allows an attacker to inject unreferenced commits containing sensitive data and retrieve them via direct commit URLs without appearing in the...
Malicious File Parsing
@finos/git-proxy is vulnerable to malicious file parsing. The vulnerability is due to improper PACK signature detection in parsePush.ts, which allows an attacker to embed misleading signatures in commit content and craft packet structures to bypass approval or hide commits...
Linux Distros Unpatched Vulnerability : CVE-2024-58088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage. The following commit bc235cdb423a ("bpf: Prevent...
ExecuTorch integer overflow vulnerability
An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73...
[SECURITY] Fedora 42 Update: reposurgeon-5.3-1.fc42
Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...
CVE-2025-54586
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
Information Exposure
Overview @finos/git-proxy is a tool to deploy custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Information Exposure due to a lack of checking for hidden commits. An attacker can access sensitive repository data by injecting additional commits that ar...