CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

CVE-2026-44310

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

EUVD-2024-3224

Malicious code in bioql PyPI...

CVE-2024-51746

CVE-2024-51746 affects gitsign. The vulnerability arises when Rekor’s search API is used to verify a signature: the API may return entries that match either the public key or the payload, not both. As a result, gitsign could select an incorrect Rekor entry during online verification, and, because...

Gitsign Security Vulnerabilities

Gitsign is a tool for Gitsign individual developers to sign Git commits key-free. A security vulnerability exists in Gitsign version 0.6.0 through versions prior to 0.8.0, which stems from the fact that the Rekor public key is obtained through the Rekor API, not through the local TUF client, and...

[SECURITY] Fedora 36 Update: fzf-0.30.0-3.fc36

fzf is a general-purpose command-line fuzzy finder. It's an interactive Unix filter for command-line that can be used with any list; files, command history, processes, hostnames, bookmarks, git commits, etc...

CVE-2021-37665

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

Searching Through Git Commits

gumbler is a script I wrote to search through git commits. Examples from github are discussed below. .gitignore A gitignore file is used to specify files that should not be tracked by git source gitignore. In the default case, gumbler will read the gitignore file for the project and search every...

Searching Through Git Commits

gumbler is a script I wrote to search through git commits. Examples from github are discussed below. .gitignore A gitignore file is used to specify files that should not be tracked by git source gitignore. In the default case, gumbler will read the gitignore file for the project and search every...

[oss-security] Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont

ANNOUNCE XOrg Security Advisory: Multiple issues in libXfont.eml Тема: ANNOUNCE X.Org Security Advisory: Multiple issues in libXfont От: Alan Coopersmith [email protected] Дата: 13.05.2014 19:08 Кому: [email protected] Копия: [email protected], [email protected] X.Org Securi...