17314 matches found

Huntr
added 2026/02/23 3:32 a.m. | 7 views

Git Argument Injection via Reference Field in GitHubRepository Block

This report is not public...

CVSS 8.5 | AI score 7.3 | EPSS 0.00106
Exploits: 0
Positive Technologies
added 2026/02/23 12:0 a.m. | 3 views

PT-2026-21517

Name of the Vulnerable Software and Affected Versions: Dell Repository Manager versions prior to 3.4.8. Description: Dell Repository Manager (DRM) has an issue related to an uncontrolled search path element. A local attacker with limited privileges could potentially exploit this, leading to arbitrary...

CVSS 7.8 | AI score 6 | EPSS 0.00018
Exploits: 0 | References: 7
Positive Technologies
added 2026/02/23 12:0 a.m. | 4 views

PT-2026-21562

Name of the Vulnerable Software and Affected Versions: free5GC UDR versions prior to 1.4.1. Description: The free5GC UDR, a user data repository for the free5GC 5G mobile core network project, contains an Improper Error Handling issue that can lead to Information Exposure. Deployments utilizing the...

CVSS 6.9 | AI score 5.3 | EPSS 0.00049
Exploits: 1 | References: 9
CNNVD
added 2026/02/23 12:0 a.m. | 3 views

Dell Repository Manager Code Issue Vulnerability

Dell Repository Manager is a repository manager developed by the American company Dell. Versions of Dell Repository Manager prior to 3.4.8 contained a code vulnerability caused by uncontrolled search path elements, which could allow local, low-privilege attackers to execute arbitrary code and gai...

CVSS 7.8 | AI score 6.2 | EPSS 0.00018
Exploits: 0 | References: 1
CNNVD
added 2026/02/21 12:0 a.m. | 3 views

LinkAce Security Vulnerability

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce 2.4.2 and earlier contained a security vulnerability; this vulnerability stemmed from a stored cross-site scripting vulnerability in the list’s Atom...

CVSS 8.7 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 2
Snyk
added 2026/02/20 4:59 p.m. | 4 views

Malicious Package

Overview: naniod is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/02/20 3:54 p.m. | 6 views

Security Bulletin: Vulnerability in Apache Commons IO (CVE-2024-47554) affects IBM WebSphere Service Registry and Repository.

Summary: An Uncontrolled Resource Consumption vulnerability in Apache Commons IO (CVE-2024-47554) affects IBM WebSphere Service Registry and Repository. Vulnerability Details: CVEID: CVE-2024-47554. DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

CVSS 4.3 | AI score 5.5 | EPSS 0.00131
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/02/20 7:22 a.m. | 3 views

CVE-2026-25229

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

CVSS 6.5 | AI score 5.7 | EPSS 0.00044
Exploits: 1 | References: 1
RedhatCVE
added 2026/02/20 7:22 a.m. | 2 views

CVE-2026-25120

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

CVSS 5.1 | AI score 5.7 | EPSS 0.00017
Exploits: 1 | References: 1
RedhatCVE
added 2026/02/20 1:22 a.m. | 4 views

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

CVSS 6.5 | AI score 5.7 | EPSS 0.00193
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/20 1:22 a.m. | 8 views

CVE-2026-0573

A URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repositorypages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a...

CVSS 9 | AI score 6.2 | EPSS 0.00066
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/20 12:0 a.m. | 4 views

PT-2026-21286

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file datasetreposwarehousesrcmainjavacomyeqifubuscontrollerSalesController.java of the component Sales Endpoint. The...

CVSS 6.5 | AI score 5.2 | EPSS 0.00059
Exploits: 1 | References: 7
NVD
added 2026/02/19 7:17 a.m. | 4 views

CVE-2026-25229

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

CVSS 6.5 | EPSS 0.00044
Exploits: 1 | References: 2
NVD
added 2026/02/19 7:17 a.m. | 3 views

CVE-2026-25120

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

CVSS 5.1 | EPSS 0.00017
Exploits: 1 | References: 2
Vulnrichment
added 2026/02/19 2:33 a.m. | 1 views

CVE-2026-25229 Gogs Authorization Bypass Allows Cross-Repository Label Modification

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00044
Exploits: 1 | References: 2
CVE
added 2026/02/19 2:33 a.m. | 8 views

CVE-2026-25229

CVE-2026-25229 affects Gogs (self-hosted Git service). In versions 0.13.4 and earlier, the Web UI endpoint POST /:username/:reponame/labels/edit allows cross-repository label tampering: UpdateLabel uses an incorrect database query that bypasses repository ownership validation, letting authenticat...

CVSS 6.5 | AI score 5.6 | EPSS 0.00044
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/19 2:33 a.m. | 27 views

CVE-2026-25229 Gogs Authorization Bypass Allows Cross-Repository Label Modification

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

CVSS 5.3 | EPSS 0.00044
Exploits: 1 | References: 2
OSV
added 2026/02/19 2:33 a.m. | 4 views

CVE-2026-25229 Gogs Authorization Bypass Allows Cross-Repository Label Modification

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00044
Exploits: 1 | References: 4
Cvelist
added 2026/02/19 1:59 a.m. | 18 views

CVE-2026-25120 Gogs Allows Cross-Repository Comment Deletion via DeleteComment

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

CVSS 5.1 | EPSS 0.00017
Exploits: 1 | References: 2
CVE
added 2026/02/19 1:59 a.m. | 6 views

CVE-2026-25120

Gogs CVE-2026-25120 affects versions 0.13.4 and earlier. The issue arises in DeleteComment: the API does not verify that the comment belongs to the repository specified in the URL, allowing a repository administrator to delete comments from other repositories by supplying arbitrary comment IDs. T...

CVSS 5.1 | AI score 5.7 | EPSS 0.00017
Exploits: 1 | References: 2 | Affected Software: 1