30 matches found
CVE-2026-20031
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...
EUVD-2023-43162
Malicious code in bioql PyPI...
Malicious code in echo-cla-project (npm)
The package echo-cla-project was found to contain malicious code...
MAL-2025-19125 Malicious code in echo-cla-project (npm)
The package echo-cla-project was found to contain malicious code...
CVE-2021-21471
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application...
Hello DCO, Goodbye CLA: Simplifying Contributions to Spring
The Spring team will be rolling out a simplified contribution process that replaces the requirement to sign a Contributor License Agreement (CLA) with a Developer Certificate of Origin (DCO). The process will start this week with Spring Framework, Spring Security, & Spring Boot and then roll out to t...
CVE-2023-39438
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
CVE-2023-39438
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
Authorization
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
CVE-2023-39438
CLA-assistant’s API suffers from a missing authorization check that allows any authenticated user to perform certain operations, including reading CLA data (and signer details) and updating or deleting CLA configurations for repositories or organizations. Stored GitHub tokens are not exposed in A...
CVE-2023-39438 Missing Authorization check allows certain operations on CLA Assistant data
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
CVE-2023-39438 Missing Authorization check allows certain operations on CLA Assistant data
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
PT-2023-26948 · Unknown · Cla-Assistant
Name of the Vulnerable Software and Affected Versions: CLA-assistant (affected versions not specified). Description: A missing authorization check in the CLA-assistant API allows an arbitrary authenticated user to perform certain operations by executing specific additional steps. This enables the us...
cla.org.uk Cross Site Scripting vulnerability OBB-3242077
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in hellosign-embedded-cla (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 48e040d099ac8087da48a2e03051478f6929f6ccc2c841992999d9160c6d8ef6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-496 Malicious code in hellosign-embedded-cla (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 48e040d099ac8087da48a2e03051478f6929f6ccc2c841992999d9160c6d8ef6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Contributor License Agreement assistant authorization issue vulnerability
Contributor License Agreement assistant (CLA assistant) is a JavaScript-based contributor agreement management software from the cla-assistant team that integrates with GitHub. It provides the ability to ask contributors to sign a CLA when they pull code. An authorization issue vulnerability exists...
CVE-2022-29617
Due to improper error handling, an authenticated user can crash a CLA assistant instance. This could impact the availability of the application...
CVE-2022-29617
Due to improper error handling, an authenticated user can crash a CLA assistant instance. This could impact the availability of the application...
CVE-2022-29617
Due to improper error handling, an authenticated user can crash a CLA assistant instance. This could impact the availability of the application...