Lucene search

160 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-1600

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.0058
Exploits 0 · References 12

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-35452

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.5 · EPSS 0.02567
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-36962

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 6.7 · EPSS 0.00253
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-0290

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.7 · EPSS 0.12856
Exploits 1 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-1009

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 6.8 · EPSS 0.00232
Exploits 1 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-43096

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 5.8 · EPSS 0.00185
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-28133

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 8.8 · EPSS 0.0029
Exploits 0 · References 3

CVE
added 2025/08/25 7:5 a.m. · 18 views

CVE-2025-9118

CVE-2025-9118 is a path traversal vulnerability in the NPM package installation process of Google Cloud Dataform. The flaw allows a remote attacker to read and write files in other customers’ repositories via a maliciously crafted package.json. The CVE is rated CRITICAL (CVSS 4.0 base score 10.0)...

CVSS 10 · AI score 7 · EPSS 0.00403
Exploits 0 · References 1

CVE
added 2025/07/30 7:59 p.m. · 13 views

CVE-2025-54583

GitProxy (finos/git-proxy) vulnerability CVE-2025-54583 affects version 1.19.1 and earlier; 1.19.2 fixes the issue. The flaw allows pushing to a remote repository while bypassing policy checks and explicit approvals when multiple branches are pushed, enabling code that should be blocked (e.g., se...

CVSS 8.3 · AI score 6.7 · EPSS 0.00187
Exploits 1 · References 4 · Affected Software 1

Tenable Nessus
added 2025/06/20 12:0 a.m. · 4 views

GitLab 16.6 < 17.9.7 / 17.10 < 17.10.5 / 17.11 < 17.11.1 (CVE-2025-2443)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header...

CVSS 8.7 · AI score 5.5 · EPSS 0.00033
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 2:9 a.m. · 5 views

CVE-2023-51379

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read...

CVSS 4.9 · AI score 6.7 · EPSS 0.00138
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:51 p.m. · 5 views

CVE-2022-30949

Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

CVSS 5.3 · AI score 6.1 · EPSS 0.00133
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:53 p.m. · 5 views

CVE-2022-46257

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploi...

CVSS 4.3 · AI score 6.2 · EPSS 0.00192
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:35 p.m. · 6 views

CVE-2021-43806

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. An authenticated malicious user with...

CVSS 8.8 · AI score 7.6 · EPSS 0.00912
Exploits 0

RedhatCVE
added 2025/05/22 4:53 p.m. · 6 views

CVE-2020-8920

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users'...

CVSS 3.5 · AI score 6.3 · EPSS 0.00076
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:16 p.m. · 5 views

CVE-2020-13316

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository to be accessible via a git command line...

CVSS 5.4 · AI score 6.4 · EPSS 0.00307
Exploits 0

Positive Technologies
added 2025/05/06 12:0 a.m. · 2 views

PT-2025-19956 · Quay · Quay

Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw was found in Quay where an organization acting as a proxy cache grants "Admin" permissions on a newly created repository when a user or robot pulls an image that hasn't been mirrored ye...

CVSS 6.5 · AI score 6.4 · EPSS 0.00233
Exploits 0 · References 8

Positive Technologies
added 2025/04/22 12:0 a.m. · 1 views

PT-2025-17916

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: A flaw was found in Moodle, specifically a remote code execution risk in the Moodle LMS Dropbox repository. This risk is only available to teachers and managers on sites with the Dropbox...

CVSS 8.8 · AI score 7.8 · EPSS 0.00667
Exploits 0 · References 20

Cvelist
added 2025/04/17 10:50 p.m. · 14 views

CVE-2025-3124 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only...

CVSS 5.3 · EPSS 0.0023
Exploits 0 · References 4

CVE
added 2025/04/17 10:50 p.m. · 65 views

CVE-2025-3124

CVE-2025-3124 concerns a missing authorization vulnerability in GitHub Enterprise Server that allowed a user to see the names of private repositories they otherwise wouldn’t access via the Security Overview in GitHub Advanced Security. The issue affected all versions prior to 3.17 and was fixed i...

CVSS 5.3 · AI score 6.2 · EPSS 0.0023
Exploits 0 · References 4 · Affected Software 1