EUVD-2025-19118
Malicious code in bioql PyPI...
EUVD-2024-35272
Malicious code in bioql PyPI...
EUVD-2021-28612
Malicious code in bioql PyPI...
EUVD-2024-1475
Malicious code in bioql PyPI...
CVE-2025-54528
In JetBrains TeamCity before 2025.07, a CSRF was possible in the GitHub App connection flow...
CVE-2025-54528
CVE-2025-54528 affects JetBrains TeamCity prior to version 2025.07, with a cross-site request forgery (CSRF) vulnerability in the GitHub App connection flow. The NVD and vendor-linked records confirm CSRF exposure in TeamCity’s GitHub integration, with the CVSS vectors indicating independently ex...
CVE-2025-6600 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API
An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...
CVE-2025-52480
Registrator is a GitHub app that automates creation of registration pull requests for Julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, an argument injection is possible in the...
CVE-2025-52483
Registrator is a GitHub app that automates creation of registration pull requests for Julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, a shell script injection can occur within the...
CVE-2025-52477
CVE-2025-52477 affects Octo-STS, a GitHub App acting as a Security Token Service for the GitHub API. The vulnerability is an unauthenticated SSRF that can be triggered by abusing fields in OpenID Connect tokens, causing internal network requests and potential exposure of sensitive information in ...
PT-2025-27002 · Github · Octo-Sts
Name of the Vulnerable Software and Affected Versions: Octo-STS versions prior to v0.5.3. Description: Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. The issue allows for unauthenticated Server-Side Request Forgery (SSRF) by abusing fields in OpenID Connect...
CVE-2025-52480
CVE-2025-52480 affects Registrator.jl. If the clone URL from GitHub is malicious (or injected via upstream vulnerabilities), an argument injection in the gettreesha() function can enable remote code execution. Impact is described as a potential RCE; affected versions are prior to 1.9.5. Remediati...
CVE-2025-52480 Registrator.jl Argument Injection Vulnerability
Registrator is a GitHub app that automates creation of registration pull requests for Julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, an argument injection is possible in the...
CVE-2024-35301
In JetBrains TeamCity before 2024.03.1, the commit status publisher didn't check the project scope of the GitHub App token...
CVE-2024-34079
octo-sts is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0...