114 matches found
GitHub: PATs without the required scope can leak issues
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security Update (Important) (RHSA-2026:0361)
The remote Red Hat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0361 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security Update (Important) (RHSA-2026:0360)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0360 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
GO-2025-4197 Mattermost Server exposes OAuth personal access tokens to attackers in github.com/mattermost/mattermost-server
Mattermost Server exposes OAuth personal access tokens to attackers in github.com/mattermost/mattermost-server...
Exploit for Deserialization of Untrusted Data in Facebook React
🛡️ GitHub Vulnerability Scanner for CVE-2025-55182 React/Next...
EUVD-2020-0075
Malware in sbrugna...
EUVD-2018-11258
Malware in sbrugna...
EUVD-2024-33317
Malicious code in bioql PyPI...
EUVD-2024-50814
Malicious code in bioql PyPI...
EUVD-2025-0198
Malicious code in bioql PyPI...
EUVD-2025-4201
Malicious code in bioql PyPI...
EUVD-2024-49587
Malicious code in bioql PyPI...
EUVD-2022-24740
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-8114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an...
Linux Distros Unpatched Vulnerability : CVE-2024-12379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an...
gimmePATz - GitHub Personal Access Token (PAT) Recon Tool 1.0.0
gimmePatz is a recon tool for GitHub PATs. Designed for bug bounty hunters, pentesters and red teams. gimmePatz will tell you what scopes a PAT has, and it will tell you what repositories or GitHub Organizations the PAT is attached to as well...
GHSA-QF34-QPR4-5PPH docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists. Summary: docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2024-10824
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) a...