11 matches found
CVE-2026-27780 Gitea pre-receive hook can miss branch-protection checks after scanner errors
Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...
EUVD-2026-41638
Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...
CVE-2026-1999
CVE-2026-1999 affects GitHub Enterprise Server and is an incorrect authorization vulnerability in the enable_auto_merge mutation for pull requests. An attacker could merge their own PR into a repository without push access under specific conditions: the repository must allow forking, a clean PR s...
EUVD-2021-9998
Malicious code in bioql PyPI...
EUVD-2021-9996
Malicious code in bioql PyPI...
Hardcoded credentials
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the...
CVE-2021-22863
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
Improper access control
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
CVE-2021-22863
CVE-2021-22863 is an improper access control vulnerability in GitHub Enterprise Server’s GraphQL API. It allowed authenticated users to modify the maintainer collaboration permission on a pull request, potentially exposing head branches of repos where they are a maintainer. Affected versions span...