10065 matches found

SUSE Linux
added 2025/10/10 7:4 p.m. | 2 views

Security update for docker-stable

This update for docker-stable fixes the following issues: Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary information, but our CVE tracking tools do not understand how the package is forked and so it seems...

CVSS 9.9 | AI score 7.5 | EPSS 0.71918
Exploits: 14 | References: 488

OSV
added 2025/10/10 7:4 p.m. | 2 views

SUSE-SU-2025:03540-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary information, but our CVE tracking tools do not understand how the package is forked and so it see...

CVSS 10 | AI score 6.7 | EPSS 0.71918
Exploits: 13 | References: 244

RedhatCVE
added 2025/10/10 4:20 p.m. | 3 views

CVE-2025-10281

BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7 | AI score 6.7 | EPSS 0.00031
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/10 4:20 p.m. | 2 views

CVE-2025-10282

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7 | AI score 6.7 | EPSS 0.00029
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/10 4:20 p.m. | 2 views

CVE-2025-10283

BBOT's gitdumper module could be abused to execute commands through a malicious git repository...

CVSS 9.6 | AI score 7.3 | EPSS 0.00066
Exploits: 0 | References: 1

Github Security Blog
added 2025/10/09 10:29 p.m. | 6 views

BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Summary: bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution (RCE). bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution (RCE). Impact: A user who uses bbo...

CVSS 9.6 | AI score 8 | EPSS 0.00066
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/10/09 10:29 p.m. | 4 views

GHSA-63WH-P5FX-H4VC BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver

Summary: Due to unsafe URL handling, bbot's gitclone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact: A user who has placed their github.com API key in the configuration for any of the following modules: githubcodesearch githubworkflows gitlab gitclone...

CVSS 4.7 | AI score 6.8 | EPSS 0.00031
Exploits: 0 | References: 5

Github Security Blog
added 2025/10/09 10:29 p.m. | 6 views

BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver

Summary: Due to unsafe URL handling, bbot's gitclone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact: A user who has placed their github.com API key in the configuration for any of the following modules: githubcodesearch githubworkflows gitlab gitclone...

CVSS 4.7 | AI score 6.8 | EPSS 0.00031
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2025/10/09 10:29 p.m. | 1 view

EUVD-2025-33396

BBOT's gitclone.py can expose users' GitHub API keys to an attacker-controlled webserver...

CVSS 4.7 | AI score 6.4 | EPSS 0.00031
Exploits: 0 | References: 4

Snyk
added 2025/10/09 4:43 p.m. | 3 views

Information Exposure

Overview: bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via gitclone. An attacker can obtain sensitive information by tricking a user into cloning a repository using a specially crafted URL that causes the API key to be sent to an...

CVSS 5.3 | AI score 6.5 | EPSS 0.00031
Exploits: 0 | References: 2

Snyk
added 2025/10/09 4:42 p.m. | 2 views

Information Exposure

Overview: bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via the gitlab process. An attacker can obtain sensitive API key information by tricking the system into connecting to a maliciously crafted git URL. Remediation: Upgrade bbot...

CVSS 5.3 | AI score 6.6 | EPSS 0.00029
Exploits: 0 | References: 2

NVD
added 2025/10/09 4:15 p.m. | 8 views

CVE-2025-10282

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7 | EPSS 0.00029
Exploits: 0 | References: 1

NVD
added 2025/10/09 4:15 p.m. | 4 views

CVE-2025-10281

BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7 | EPSS 0.00031
Exploits: 0 | References: 1

CVE
added 2025/10/09 3:46 p.m. | 10 views

CVE-2025-10283

BBOT’s gitdumper module is vulnerable due to insufficient sanitization of .git data, enabling Directory Traversal that can lead to Remote Code Execution when processing a malicious git repository. Affected component: bbot gitdumper.py (processing of .git/config and related index/file handling as...

CVSS 9.6 | AI score 6.9 | EPSS 0.00066
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/09 3:46 p.m. | 1 view

CVE-2025-10283 Improper .git Sanitization in gitdumper Enables RCE

BBOT's gitdumper module could be abused to execute commands through a malicious git repository...

CVSS 9.6 | AI score 6.9 | EPSS 0.00066
Exploits: 0 | References: 1

Cvelist
added 2025/10/09 3:46 p.m. | 8 views

CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7 | EPSS 0.00029
Exploits: 0 | References: 1

CVE
added 2025/10/09 3:46 p.m. | 7 views

CVE-2025-10282

BBOT's gitlab module exposes GitLab API keys by using a maliciously formatted git URL, leading to information exposure to an attacker-controlled server. Multiple sources (including Red Hat CVE entry and accompanying advisories) describe the issue as a leak of the user’s API key when bbot process...

CVSS 4.7 | AI score 6.3 | EPSS 0.00029
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/09 3:46 p.m. | 3 views

CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

CVSS 4.7 | AI score 6.3 | EPSS 0.00029
Exploits: 0 | References: 1

CVE
added 2025/10/09 3:45 p.m. | 6 views

CVE-2025-10281

BBOT’s git_clone vulnerability stems from unsafe URL handling that can cause exposure of GitHub API keys to an attacker-controlled server when processing a specially crafted git URL. The CVE description and multiple advisories (Red Hat, GHSA, EUVD, OSV, NVD, CVELIST, and Snyk) consistently refere...

CVSS 4.7 | AI score 6.3 | EPSS 0.00031
Exploits: 0 | References: 1

SUSE Linux
added 2025/10/09 2:28 p.m. | 2 views

Security update for git

This update for git fixes the following issues: Update to 2.51.0: CVE-2025-27613: arbitrary writable file creation and truncation in Gitk (bsc1245938); CVE-2025-27614: arbitrary script execution via repo clonation in gitk (bsc1245939); CVE-2025-46835: untrusted repository cloning can lead to arbitrary...

CVSS 8.5 | AI score 8.6 | EPSS 0.00603
Exploits: 9 | References: 24