Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/11 5:4 p.m.30 views

CVE-2026-31852 Jellyfin Possible Organization/Secret Compromise from dangerous CI implementation

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions nearly all write permissions, this vulnerability enables...

10CVSS0.00445EPSS
Exploits0References2
NCSC
NCSC
added 2026/02/20 10:13 a.m.10 views

Vulnerabilities fixed in GitHub Enterprise Server

GitHub has fixed vulnerabilities in GitHub Enterprise Server Specifically for versions before 3.20, 3.19.2, 3.18.5 and 3.17.11. The first vulnerability concerns an authorization issue that allowed attackers to merge unauthorized pull-requests into repositories that provide fork support. The secon...

7.1CVSS5.6AI score0.0039EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/11/07 12:0 a.m.5 views

Chasing One-Day Vulnerabilities across Open Source Forks

Tracking vulnerabilities inherited from third-party open-source components is a well-known challenge, often addressed by tracing the threads of dependency information. However, vulnerabilities can also propagate through forking: a repository forked after the introduction of a vulnerability, but...

6.8AI score
Exploits0
Silent Robot Systems
Silent Robot Systems
added 2015/01/10 4:0 a.m.9 views

Search all Github Repositories for an Organization

gumbler is a script I wrote to search through git commits and introduced in the blog post "Searching Through Git Commits". Recently I wanted to run Gumbler across all repositories for an organization, the steps are discussed below. First, we need to grab a list of repositories for the ORG. This c...

6.9AI score
Exploits0
Rows per page
Query Builder