184 matches found
CVE-2026-25761
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25761 Command injection via crafted filenames in Super-linter Action
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
GHSA-R79C-PQJ3-577X Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action
Summary The Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull request that introduces a file whose name contains shell command substitution syntax, such as $.... In...
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
CVE-2025-68267
CVE-2025-68267 affects JetBrains TeamCity versions prior to 2025.11.1. Root cause: TeamCity stored a GitHub personal access token instead of an installation token, enabling excessive privileges. Documented impact in connected Nessus advisory (multiple vulnerabilities for pre-2025.11.1). Remediati...
EUVD-2025-203763
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
PT-2025-51718
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
Exploit for CVE-2025-13595
CIBELES AI extractTo$extractDir; $rootInsideZip = $extrac...
MAL-2025-191347 Malicious code in @voiceflow/exception (npm)
Source: amazon-inspector 2eb8d68b66e59da1a4b42db0ac46ad31c940a051f6d6da86d55cd0ad7ac3f33b The package @voiceflow/exception was found to contain malicious code. Source: ghsa-malware...
CVE-2025-62794 GitHub Workflow Updater stored the optional GitHub token in plaintext
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" ap...
EUVD-2019-0342
Malware in sbrugna...
EUVD-2018-0238
Malware in sbrugna...
EUVD-2025-28133
Malicious code in bioql PyPI...
EUVD-2025-27001
Malicious code in bioql PyPI...
EUVD-2025-11894
Malicious code in bioql PyPI...
EUVD-2024-1521
Malicious code in bioql PyPI...