
68 matches found

OSV, added 2026/06/04 5:30 p.m., 4 views

ROOT-APP-NPM-CVE-2025-25290 CVE-2025-25290 in @rootio/octokit__request - Patched by Root

Root has patched CVE-2025-25290 in the @rootio/octokit__request package for Root:npm. Multiple fixed versions available...

CVSS 5.3, AI score 6.5, EPSS 0.00081, Exploits 0

OSV, added 2026/06/04 1:49 p.m., 2 views

ROOT-APP-NPM-CVE-2025-25288 CVE-2025-25288 in @rootio/octokit__plugin-paginate-rest - Patched by Root

Root has patched CVE-2025-25288 in the @rootio/octokit__plugin-paginate-rest package for Root:npm. Multiple fixed versions available...

CVSS 5.3, AI score 6.5, EPSS 0.00068, Exploits 0

OSV, added 2026/06/04 1:48 p.m., 2 views

ROOT-APP-NPM-CVE-2025-25289 CVE-2025-25289 in @rootio/octokit__request-error - Patched by Root

Root has patched CVE-2025-25289 in the @rootio/octokit__request-error package for Root:npm. Multiple fixed versions available...

CVSS 5.3, AI score 6.5, EPSS 0.00068, Exploits 0

OSV, added 2026/03/07 12:39 a.m., 4 views

CLEANSTART-2026-QY24299 @octokit/endpoint turns REST API endpoints into generic request options

Multiple security vulnerabilities affect the mongosh package. @octokit/endpoint turns REST API endpoints into generic request options. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.00081, Exploits 0, References 8

RedhatCVE, added 2026/01/09 10:48 a.m., 17 views

CVE-2022-31072

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- (i.e. 0666) instead of rw-r--r-- (i.e. 0644). This means everyone who is...

CVSS 3.3, AI score 6.7, EPSS 0.00029, Exploits 0, References 1

EUVD, added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-4103

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.5, EPSS 0.00068, Exploits 0, References 4

EUVD, added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-6044

Malicious code in bioql PyPI...

CVSS 3.3, AI score 4.1, EPSS 0.00029, Exploits 0, References 5

EUVD, added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-4104

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.6, EPSS 0.00081, Exploits 0, References 4

EUVD, added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-4102

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.5, EPSS 0.00068, Exploits 0, References 5

EUVD, added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-3265

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00479, Exploits 0, References 10

EUVD, added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-4099

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6, EPSS 0.00081, Exploits 0, References 4

Tenable Nessus, added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-31072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the g...

CVSS 3.3, AI score 5.8, EPSS 0.00029, Exploits 0, References 2

RedhatCVE, added 2025/02/16 8:20 p.m., 4 views

CVE-2025-25289

A Regular Expression Denial of Service (ReDoS) vulnerability exists in @octokit/request-error's processing of HTTP request headers. This flaw is triggered by an authorization header containing an excessively long sequence of spaces followed by a newline and "@" symbol, leading to excessive resource...

CVSS 5.3, AI score 5.3, EPSS 0.00068, Exploits 0, References 6

NVD, added 2025/02/14 8:15 p.m., 11 views

CVE-2025-25289

@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

CVSS 5.3, EPSS 0.00068, Exploits 0, References 3

NVD, added 2025/02/14 8:15 p.m., 9 views

CVE-2025-25290

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

CVSS 5.3, EPSS 0.00081, Exploits 0, References 6

ATTACKERKB, added 2025/02/14 8:15 p.m., 2 views

CVE-2025-25290

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

CVSS 5.3, AI score 5.5, EPSS 0.00081, Exploits 0, References 7, Affected Software 1

NVD, added 2025/02/14 8:15 p.m., 15 views

CVE-2025-25288

@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...

CVSS 5.3, EPSS 0.00068, Exploits 0, References 3

NVD, added 2025/02/14 8:15 p.m., 13 views

CVE-2025-25285

@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parse(options) call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the...

CVSS 5.3, EPSS 0.00081, Exploits 0, References 3

CVE, added 2025/02/14 7:37 p.m., 307 views

CVE-2025-25290

CVE-2025-25290 affects Octokit’s request.js: the code path that parses HTTP Link headers uses an unbounded RegExp (/]+)>; rel="deprecation"/) to match deprecation links. This enables a ReDoS (Regular Expression Denial of Service) by crafted link headers, causing high CPU use and potential serv...

CVSS 5.3, AI score 6.3, EPSS 0.00081, Exploits 0, References 6

Vulnrichment, added 2025/02/14 7:37 p.m., 10 views

CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

CVSS 5.3, AI score 6.3, EPSS 0.00081, Exploits 0, References 6