398 matches found
GitHub Security Lab: CPP: Out of order Linux permission dropping without checking return codes
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Go/CWE-643: XPath Injection Query in Go
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CPP: Out of order Linux permission dropping without checking return codes
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java/CWE-036: Calling openStream on URLs created from remote source can lead to file disclosure
This bug was reported directly to GitHub Security Lab...
Command Injection
Overview: adb-driver is a Universal Android USB Driver. Affected versions of this package are vulnerable to Command Injection. The argument `command` can be controlled by users without any sanitization. PoC: `var root = require("adb-driver"); root.execADBCommand(' & touch Song');` the injection point is...
GitHub Security Lab: CWE-094 ScriptEngine in java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: XPath Injection query in java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java (Maven): Actually fix the use of insecure protocol to download/upload artifacts
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for finding ReDoS and Regex Injection vulnerabilities in Java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Dynamic reflection class
This bug was reported directly to GitHub Security Lab...
Command Injection
Overview: promise-probe is a FFprobe wrapper. Affected versions of this package are vulnerable to Command Injection via the `ffprobe(file)` and `createMuteOgg(outputFile, options)` functions. `file`, `outputFile`, `options` can be controlled by users without any sanitization. PoC by JHU System Security Lab: js var...
GitHub Security Lab: CodeQL query for finding LDAP Injection (CWE-90) vulnerabilities in Java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for finding CSRF vulnerabilities in Spring applications
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect weak (duplicated) encryption keys for ASP.NET Telerik Upload
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java (Maven): Use of insecure protocol to download/upload artifacts
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect insecure MaxLengthRequest values in ASP.NET applications
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect pages with validationRequest disabled
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
This bug was reported directly to GitHub Security Lab...
Exploit for CVE-2018-11776
GitHub Security Lab This is the main git repository of GitHu...