Lucene search
+L

8 matches found

Circl
Circl
added 2025/05/15 8:33 p.m.19 views

CVE-2025-47928

creationtimestamp| type| source ---|---|--- 2025-05-15 20:33:31+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16552 2025-05-15 22:37:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpalbvlsq52h...

9.1CVSS8.5AI score0.0052EPSS
Exploits0References2
NVD
NVD
added 2025/05/15 8:16 p.m.15 views

CVE-2025-47928

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pullrequesttarget on .github/workflows/integrationtests.yml followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...

9.1CVSS0.0052EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/05/15 8:16 p.m.16 views

CVE-2025-47928

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pullrequesttarget on .github/workflows/integrationtests.yml followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...

9.1CVSS7.2AI score0.0052EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/15 8:9 p.m.12 views

CVE-2025-47928 Spotipy repo vulnerable to secrets exfiltration via `pull_request_target`

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pullrequesttarget on .github/workflows/integrationtests.yml followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...

9.1CVSS7.1AI score0.0052EPSS
Exploits0References3
OSV
OSV
added 2025/05/15 8:9 p.m.12 views

CVE-2025-47928 Spotipy repo vulnerable to secrets exfiltration via `pull_request_target`

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pullrequesttarget on .github/workflows/integrationtests.yml followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...

9.1CVSS8.9AI score0.0052EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/15 8:9 p.m.29 views

CVE-2025-47928 Spotipy repo vulnerable to secrets exfiltration via `pull_request_target`

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pullrequesttarget on .github/workflows/integrationtests.yml followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...

9.1CVSS0.0052EPSS
Exploits0References3
CVE
CVE
added 2025/05/15 8:9 p.m.51 views

CVE-2025-47928

CVE-2025-47928 affects the Spotipy Python library for the Spotify Web API. The issue arises from using GitHub Actions pull_request_target, which can execute untrusted code from a fork with base-repo secrets in the context of the base repository. This can lead to exfiltration of secrets such as GI...

9.1CVSS7.2AI score0.0052EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/05/15 8:9 p.m.11 views

CVE-2025-47928

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pullrequesttarget on .github/workflows/integrationtests.yml followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...

9.1CVSS8.3AI score0.0052EPSS
Exploits0
Rows per page
Query Builder