398 matches found
GitHub Security Lab: Java: CWE-918 - Server Side Request Forgery (SSRF)
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java : add MongoDB injection sinks
This bug was reported directly to GitHub Security Lab...
Users with SCRIPT right can execute arbitrary code in XWiki
Impact: Any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. Patches: It has been patched in both version XWi...
GHSA-7QW5-PQHC-XM4G Users with SCRIPT right can execute arbitrary code in XWiki
Impact: Any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. Patches: It has been patched in both version XWi...
GitHub Security Lab: [CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Query to find TLS configurations supporting hardcoded insecure versions of the protocol and cipher suites
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect XSLT injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [javascript] CWE-117: CodeQL query to detect Log Injection
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-522 Insecure basic authentication
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-798 - Hardcoded AWS credentials
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Golang : Improvements to Golang SSRF query
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: LDAP injection vulnerability in Java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Python : Add query to detect Server Side Template Injection
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-939 - Address improper URL authorization
This bug was reported directly to GitHub Security Lab...
Command Injection in standard-version
GitHub Security Lab GHSL Vulnerability Report: GHSL-2020-111. The GitHub Security Lab team has identified a potential security vulnerability in standard-version. Summary: The standardVersion function has a command injection vulnerability. Clients of the standard-version library are unlikely to be...
GHSA-7XCX-6WJH-7XP2 Command Injection in standard-version
GitHub Security Lab GHSL Vulnerability Report: GHSL-2020-111. The GitHub Security Lab team has identified a potential security vulnerability in standard-version. Summary: The standardVersion function has a command injection vulnerability. Clients of the standard-version library are unlikely to be...
GitHub Security Lab: [javascript] CWE-020: CodeQL query to detect missing origin validation in cross-origin communication via postMessage
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-295 - Incorrect Hostname Verification - MitM
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect OGNL injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-273 Unsafe certificate trust
This bug was reported directly to GitHub Security Lab...