RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions into a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patche...
Azure Linux 3.0 Security Update: gh (CVE-2024-53859)
The version of gh installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53859 advisory. - go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security...
CVE-2025-62379
Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...
GHSA-RFH5-C9H5-Q8JM reflex-dev/reflex has an Open Redirect vulnerability
Mitigation: make sure GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN is not set in a production environment, so that the following holds: assert os.getenv("GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN") is None. Vulnerability Description / Vulnerability Overview: when the GET /auth-codespace page loads in a GitHub...
reflex-dev/reflex has an Open Redirect vulnerability
Mitigation: make sure GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN is not set in a production environment, so that the following holds: assert os.getenv("GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN") is None. Vulnerability Description / Vulnerability Overview: when the GET /auth-codespace page loads in a GitHub...
Open Redirect
Overview: reflex is a library for building web apps in pure Python. Affected versions of this package are vulnerable to Open Redirect via the redirect_to query parameter in the /auth-codespace route, which is assigned directly to client-side links without validation and triggers automatic navigation. An attacker can...
CVE-2025-62379 Open Redirect in reflex-dev/reflex
Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...
CVE-2025-62379
Reflex (Python web app framework) versions 0.5.4–0.8.14 contain an Open Redirect in the /auth-codespace route: the redirect_to query parameter is assigned directly to client-side links without validation, triggering automatic navigation, which can redirect users to arbitrary external URLs. The vu...
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to in order to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web...
Malicious code in ado-codespaces-auth (npm)
Source: ghsa-malware acd2e4a00a6fa99e47e9f10ae7238f2faaf2dd65d07678a4f33037a25ef636c2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for CVE-2025-49113
Roundcube RCE Lab CVE-2025-49113 Open in GitHub Codespac...
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
...
SUSE CVE-2024-53859
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...
DEBIAN-CVE-2024-53859
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...
GO-2024-3269 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli...
UBUNTU-CVE-2024-52308
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...