Information Disclosure
GitLab is vulnerable to Information Disclosure. This allows an admin to leak passwords through a repository mirror configuration...
The vulnerability in the IPS repository of Oracle Solaris operating systems allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability in the IPS repository of Oracle Solaris operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0...
CVE-2023-1070 External Control of File Name or Path in nilsteampassnet/teampass
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...
CVE-2023-22490
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...
usememos/memos Improper Access Control vulnerability
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0...
CVE-2022-23738 Incomplete cache verification issue in GitHub Enterprise Server leading to exposure of private repo files
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to crea...
PYSEC-2022-271
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...
CVE-2022-2289
Use After Free in GitHub repository vim/vim prior to 9.0...
CVE-2022-1898
Use After Free in GitHub repository vim/vim prior to 8.2...
CVE-2022-1382
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system...
pytorch-lightning code injection vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper for high-performance AI research. Pytorch-Lightning is vulnerable to a code injection vulnerability that could be exploited to inject code into the GitHub repository...
CVE-2022-0419
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0...
Oracle Hyperion security vulnerability
An unauthorized access vulnerability exists in the Repository component of Oracle Hyperion Financial Reporting, version 11.2.6.0. An attacker could use this vulnerability to compromise Hyperion Financial Reporting by accessing the network via HTTP to obtain sensitive information, among other thin...
The vulnerability of the add-apt-repository utility in the Ubuntu operating system allows a perpetrator to compromise the integrity of protected information.
The vulnerability of the add-apt-repository utility in the Ubuntu operating system exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to compromise the integrity of protected information...
CVE-2021-25756
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS...
CVE-2013-2294
CVE-2013-2294 concerns ViewGit, with XSS vulnerabilities in the web UI prior to 0.0.7. The issues are triggered when a remote repository user injects malicious data via git branch or tag names, affecting the Shortlog table in templates/shortlog.php and the Heads table in plates/summary.php. The v...
Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831
The embedded version of Git LFS (https://git-lfs.github.com) used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing...
The vulnerability of the Android operating system from the CAF repository exists due to insufficiently robust data encryption. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Android operating system from the CAF repository is related to insufficiently robust data encryption. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information, as insecure algorithms we...
CVE-2012-4400
repository/repositoryajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field...