5 matches found
SIExVulTS: Sensitive Information Exposure Vulnerability Detection System Using Transformer Models and Static Analysis
Sensitive Information Exposure (SIEx) vulnerabilities (CWE-200) remain a persistent and under-addressed threat across software systems, often leading to serious security breaches. Existing detection tools rarely target the diverse subcategories of CWE-200 or provide context-aware analysis of code-lev...
CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
Cross-site Scripting (XSS)
@auth0/nextjs-auth0 is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious code via an error query parameter processed by the callback handler as an error message...
GitHub Security Lab: [javascript] CWE-117: CodeQL query to detect Log Injection
This bug was reported directly to GitHub Security Lab...
CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's setOptions method, HTML_QuickForm_element's findValue method, HTML_QuickForm_element's prepareValue method that can...