CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in Git

Git is a version control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that were longer than 1024 characters could be used to exploit a bug in...

7.8CVSS8AI score0.06079EPSS

Exploits2References2

Fedora•added 2026/05/02 2:12 a.m.•5 views

[SECURITY] Fedora 44 Update: GitPython-3.1.49-1.fc44

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...

5.8AI score

Fedora•added 2026/05/02 1:52 a.m.•6 views

[SECURITY] Fedora 43 Update: GitPython-3.1.49-1.fc43

5.8AI score

OSSF Malicious Packages•added 2026/05/01 9:44 p.m.•5 views

Malicious code in graphicsctxs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4786ca298bffb09916e622e06411ae44cb51c842a6eb9bf7bcf445c051463888 Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...

5.8AI score

Exploits0References4

Fedora•added 2026/05/01 3:12 a.m.•4 views

[SECURITY] Fedora 44 Update: glow-2.1.2-1.fc44

Glow is a terminal based markdown reader designed from the ground up to bring out the beauty=E2=80=94and power=E2=80=94of the CLI. Use it to discover mark down files, read documentation directly on the command line. Glow will find local markdown files in subdirectories or a local Git repository...

6.1CVSS5.3AI score0.00287EPSS

Fedora•added 2026/04/30 1:30 a.m.•2 views

[SECURITY] Fedora 42 Update: skopeo-1.22.2-1.fc42

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

7.5CVSS6.1AI score0.00274EPSS

Snyk•added 2026/04/28 9:0 p.m.•5 views

Embedded Malicious Code

Overview @cap-js/sqlite is a CDS database service for SQLite Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an obfuscated payload designed to steal developer credentials during the package installation. The malicious versions and their contents are...

Snyk•added 2026/04/28 9:0 p.m.•3 views

Embedded Malicious Code

Overview mbt is a that triggers an 11.6 MB heavily obfuscated script execution.js during package installation. Once executed on a developer's machine, the malware steals the developer's credentials and weaponizes them to automatically create public GitHub repositories under the victim's account...

Snyk•added 2026/04/28 9:0 p.m.•1 views

Embedded Malicious Code

Overview @cap-js/postgres is a CDS database service for Postgres Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an obfuscated payload designed to steal developer credentials during the package installation. The malicious versions and their contents are...

Snyk•added 2026/04/28 9:0 p.m.•8 views

Embedded Malicious Code

Overview @cap-js/db-service is a CDS base database service Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an obfuscated payload designed to steal developer credentials during the package installation. The malicious versions and their contents are activel...

GithubExploit•added 2026/04/24 10:12 a.m.•96 views

SecScan

SecScan Local-LLM-powered security scanner for GitHub repos...

5.6AI score

EUVD•added 2026/04/22 12:31 a.m.•2 views

EUVD-2026-24550

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3CVSS5.8AI score0.00285EPSS

Exploits0References8

EUVD•added 2026/04/22 12:31 a.m.•5 views

EUVD-2026-24552

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

7.2CVSS5.8AI score0.00222EPSS

Exploits0References8

Tenable Nessus•added 2026/04/22 12:0 a.m.•16 views

Oracle Linux 8 : osbuild-composer (ELSA-2026-8456)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8456 advisory. 101.4-5.0.1 - Support using repository definitons with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types...

7.5CVSS7.4AI score0.0052EPSS