Lucene search
K

383 matches found

OSV
OSV
added 2025/03/23 7:10 a.m.4 views

MAL-2025-2607 Malicious code in gh-find-current-pr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aba54c4eb36c259689cdca7db5a45c0b6cd53c7a27670e8a557c3b802afd97f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/23 7:10 a.m.3 views

Malicious code in gh-find-current-pr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aba54c4eb36c259689cdca7db5a45c0b6cd53c7a27670e8a557c3b802afd97f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2025/03/21 12:0 a.m.7 views

Ubuntu: Security Advisory (USN-7362-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.00534EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 4:42 p.m.6 views

USN-7362-1 golang-github-cli-go-gh-v2 vulnerability

It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wrong host. CVE-2024-53859...

7.5CVSS7.3AI score0.00534EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/20 12:0 a.m.10 views

Ubuntu 24.04 LTS / 24.10 : go-gh vulnerability (USN-7362-1)

The remote Ubuntu 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7362-1 advisory. It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wro...

7.5CVSS6.5AI score0.00534EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/03/13 3:10 p.m.8 views

CVE-2025-22869 affecting package gh for versions less than 2.62.0-7

CVE-2025-22869 affecting package gh for versions less than 2.62.0-7. A patched version of the package is available...

7.5CVSS7.6AI score0.00868EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/13 3:10 p.m.19 views

CVE-2025-25204 affecting package gh for versions less than 2.62.0-6

CVE-2025-25204 affecting package gh for versions less than 2.62.0-6. A patched version of the package is available...

6.3CVSS6.4AI score0.00375EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/13 3:10 p.m.9 views

CVE-2025-27144 affecting package gh for versions less than 2.62.0-7

CVE-2025-27144 affecting package gh for versions less than 2.62.0-7. A patched version of the package is available...

8.7CVSS7.8AI score0.00369EPSS
Exploits0
OSV
OSV
added 2025/03/11 11:10 p.m.3 views

MAL-2025-2258 Malicious code in gh-node-module-generatebom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a04173cc21773450d4bd86768588db1893acb72fbc0336681a1370f3c7e8e781 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/11 11:10 p.m.2 views

Malicious code in gh-node-module-generatebom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a04173cc21773450d4bd86768588db1893acb72fbc0336681a1370f3c7e8e781 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-53859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that...

7.5CVSS6.5AI score0.00534EPSS
Exploits0References3
OSV
OSV
added 2025/02/26 8:14 a.m.6 views

AZL-57353 CVE-2025-22869 affecting package gh for versions less than 2.62.0-7

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5CVSS6.6AI score0.00868EPSS
Exploits0References1
Wolfi
Wolfi
added 2025/02/14 5:19 p.m.5 views

GHSA-FGW4-V983-MGP8 vulnerabilities

Vulnerabilities for packages: gh...

7.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/02/14 5:19 p.m.20 views

`gh attestation verify` returns incorrect exit code during verification if no attestations are present

Summary A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...

6.3CVSS7AI score0.00375EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/02/14 5:15 p.m.8 views

AZL-56885 CVE-2025-25204 affecting package gh for versions less than 2.62.0-6

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

6.3CVSS7.3AI score0.00375EPSS
Exploits0References1
Wolfi
Wolfi
added 2025/02/14 5:15 p.m.13 views

CVE-2025-25204 vulnerabilities

Vulnerabilities for packages: gh...

6.3CVSS7.2AI score0.00375EPSS
Exploits0
Chainguard
Chainguard
added 2025/02/14 5:15 p.m.8 views

CVE-2025-25204 vulnerabilities

Vulnerabilities for packages: gh...

6.3CVSS7AI score0.00375EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/01/30 8:0 a.m.5 views

go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace

...

7.5CVSS6.3AI score0.00534EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/01/29 5:2 p.m.10 views

CVE-2024-53858 affecting package gh for versions less than 2.62.0-5

CVE-2024-53858 affecting package gh for versions less than 2.62.0-5. A patched version of the package is available...

6.5CVSS6.7AI score0.00279EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2025/01/22 12:0 a.m.5 views

Security update for gh (important)

openSUSE Security Update: Security update for gh Announcement ID: openSUSE-SU-2025:0021-1 Rating: important References: 1233387 Cross-References: CVE-2024-52308 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This update for g...

9.6CVSS7.3AI score0.00861EPSS
Exploits0References1
Rows per page
Query Builder