18 matches found
PT-2026-42909
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
CVE-2026-28735
Mattermost versions 10.11.x up to 10.11.14, 11.4.x up to 11.4.4, 11.5.x up to 11.5.3, and 11.6.x up to 11.6.0 fail to validate the OAuth token scope on the callback, enabling an authenticated Mattermost user to gain access to private repositories by modifying the scope parameter in the GitHub aut...
CVE-2026-28735 GitHub OAuth Scope Validation
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...
[SECURITY] Fedora 43 Update: gh-2.83.2-1.fc43
A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
Mintlify Security Vulnerability
Mintlify is an AI-powered documentation platform from US-based Mintlify. A security vulnerability exists in versions of Mintlify prior to 2025-11-15, which stems from not validating the repository owner in the GitHub Integration API, potentially leading to the disclosure of sensitive information...
Linux Distros Unpatched Vulnerability : CVE-2022-2882
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all version...
CVE-2024-47910
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT...
PT-2024-32886 · Sonarsource · Sonarqube
Name of the Vulnerable Software and Affected Versions: SonarSource SonarQube versions prior to 9.9.5 LTA; SonarSource SonarQube versions prior to 10.5. Description: An issue was discovered in SonarSource SonarQube where a user with the Administrator role can modify an existing configuration of a...
Contributor License Agreement assistant Security Vulnerabilities
Contributor License Agreement assistant (CLA assistant) is a JavaScript-based contributor agreement management software from the cla-assistant team that integrates with GitHub. The software provides the ability to ask contributors to sign a CLA when they pull code. The Contributor License Agreement...
CVE-2023-39175
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab CE/EE, which stems from an attacker'...
PT-2022-19259 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 through 15.2.5; GitLab CE/EE versions 15.3 through 15.3.4; GitLab CE/EE versions 15.4 through 15.4.1. Description: An issue has been discovered in GitLab CE/EE where a malicious maintainer could exfiltrate a GitHub...
Zammad Code Issue Vulnerability
Zammad is a web-based open source help desk/customer support system. A server-side request forgery vulnerability exists in the GitHub, GitLab integration in versions prior to Zammad 4.1.1. No detailed vulnerability details are currently available...
Cla-assistant Security Vulnerability
Cla-assistant is a JavaScript-based contributor agreement management software from the Cla-assistant team that integrates with GitHub. The software provides the ability to ask for a signed CLA when a contributor pulls code. A security vulnerability exists in CLA-Assistant version 2.8.5 and earlie...
CVE-2019-13121
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control...
UBUNTU-CVE-2019-6788
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the us...