CVE-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

CVE-2021-32816

ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced...

CVE-2021-34122

The function bitstrtell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference...

CVE-2021-21275

The MediaWiki "Report" extension has a Cross-Site Request Forgery CSRF vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit...

CVE-2021-22185

Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki...

CVE-2021-37690

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

CVE-2021-37636

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

CVE-2021-32774

DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit...

CVE-2020-22882

Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61...

CVE-2018-1000660

TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function getpackagename in the file kernel/src/tbfheader.rs, variable "pub packagename: &'static str," in the file process.r...

RUSTSEC-2025-0062 Heap Buffer Overflow in the DrainCol Destructor

An off-by-one error in the DrainCol::drop destructor could cause an unsafe memory copy operation to exceed the bounds of the associated vector. The error was related to the size of the data being copied in one of the ptr::copy invocations inside the destructor. When removing the first column from...

CVE-2019-15734

An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these...

CVE-2018-1000618

EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abiserializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit...

CVE-2019-6794

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure issue 5 of 6. A project guest user can view the last commit status of the default branch...

CVE-2019-1010176

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function litchartoutf8bytes jerry-core/lit/lit-char-helpers.c:377. The attack vector is: executing crafted...

CVE-2025-47942

The CVE-2025-47942 entry describes a vulnerability in the Open edX Platform (edxapp) where, prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, there was no built-in protection to prevent downloading the python_lib.zip asset from courses. This could allow access to custom grading code or co...

CVE-2025-48064

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...

CVE-2025-48064 GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...

CVE-2025-48064 GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...

AZL-61967 CVE-2024-23337 affecting package jq for versions less than 1.6-3

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...