Insights into Security-Related AI-Generated Pull Requests

Recent years have experienced growing contributions of AI coding agents that assist human developers in various software engineering tasks. However, this growing AI-assisted autonomy raises questions about security and trust. In this paper, we analyze more than 33,000 AI-generated pull requests P...

EUVD-2022-35136

Malicious code in bioql PyPI...

EUVD-2023-38214

Malicious code in bioql PyPI...

EUVD-2025-29089

Malicious code in bioql PyPI...

CVE-2022-50373 fs: dlm: fix race in lowcomms

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix race in lowcomms This patch fixes a race between queuework in dlmlowcommscommitmsg and srcureadunlock. The queuework can take the final reference of a dlmmsg and so msg-idx can contain garbage which is signaled by th...

CVE-2025-10340

Summary (MODE C): CVE-2025-10340 affects WhatCD Gazelle, specifically the Change Log utility in the Commit Message Handler. The vulnerability is a cross-site scripting flaw triggered by manipulating the Message argument in /sections/tools/managers/change_log.php. Exploitation can be performed rem...

CVE-2025-10340 WhatCD Gazelle Commit Message change_log.php cross site scripting

A vulnerability was determined in WhatCD Gazelle up to 63b337026d49b5cf63ce4be20fdabdc880112fa3. The affected element is an unknown function of the file /sections/tools/managers/changelog.php of the component Commit Message Handler. Executing manipulation of the argument Message can lead to cross...

PT-2025-37365

Name of the Vulnerable Software and Affected Versions: WhatCD Gazelle versions prior to 63b337026d49b5cf63ce4be20fdabdc880112fa3 Description: A vulnerability exists in WhatCD Gazelle that allows for cross-site scripting. The issue is located in an unknown function within the...

Linux Distros Unpatched Vulnerability : CVE-2022-2908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all...

Malicious code in pre-commit-message-test (npm)

The package pre-commit-message-test was found to contain malicious code...

MAL-2025-29604 Malicious code in pre-commit-message-test (npm)

The package pre-commit-message-test was found to contain malicious code...

CVE-2023-34112

JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the bytedeco/javacpp-presets use the github.event.headcommit.message​ parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection...

CVE-2022-49757 EDAC/highbank: Fix memory leak in highbank_mc_probe()

In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbankmcprobe When devresopengroup fails, it returns -ENOMEM without freeing memory allocated by edacmcalloc. Call edacmcfree on the error handling path to avoid a memory leak. bp: Massage comm...

CVE-2024-50301 security/keys: fix slab-out-of-bounds in key_task_permission

In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in keytaskpermission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in kuidval include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uideq include/linux/uidgid.h:63...

CVE-2024-50210 posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...

MAL-2024-9461 Malicious code in git-commit-message-convention (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94d09a62681923adfe2316c61633ccb26eeaa743e0350118824ffd40bb4c038c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-43819

In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVMSETUSERMEMORYREGION and KVMSETUSERMEMORYREGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm-arch.gmap s...

CVE-2024-42081

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xedevcoredump: Check NULL before assignments Assign 'xedevcoredumpsnapshot ' and 'xedevice ' only if 'coredump' is not NULL. v2 - Fix commit messages. v3 - Define variables before code.Ashutosh/Jose v4 - Drop return check...

CVE-2024-42081

CVE-2024-42081 affects the Linux kernel component drm/ xe/ xe_devcoredump. The root cause was assigning xe_devcoredump_snapshot* and xe_device* unconditionally; the fix adds a NULL check and only assigns these pointers when coredump is not NULL. CVSS: Low-Privilege Local access with Medium overal...

BIT-GITLAB-2022-2908

A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit messag...