26 matches found
CVE-2025-23040
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...
EUVD-2025-3091
Malicious code in bioql PyPI...
EUVD-2025-16050
Malicious code in bioql PyPI...
CVE-2025-48064
GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...
CVE-2025-48064
GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...
CVE-2025-48064 GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure
GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...
CVE-2025-48064
GitHub Desktop on Windows prior to 3.4.20-beta3 is vulnerable: when viewing a file diff in the history view, Git calls git log/diff with the commit SHA and file names, and realpath traversal may cause Git to access a UNC network path, potentially leaking environment data via NTLM authentication (...
CVE-2025-48064 GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure
GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...
CVE-2025-48064 GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure
GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...
PT-2025-22411 · Github · Github Desktop
Name of the Vulnerable Software and Affected Versions: GitHub Desktop versions prior to 3.4.20 Description: The issue affects GitHub Desktop users on Windows, where an attacker can cause information disclosure by convincing a user to view a malicious file in the history view. This happens because...
GitHub Desktop 信息泄露漏洞
GitHub Desktop is a GitHub desktop version of GitHub Desktop open source. An information disclosure vulnerability exists in versions prior to GitHub Desktop 3.4.20-beta3, which stems from an attempt by Git to access a network share that could lead to information disclosure...
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve...
CVE-2025-23040
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...
CVE-2025-23040 Maliciously crafted remote URLs could lead to credential leak in GitHub Desktop
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...
CVE-2025-23040 Maliciously crafted remote URLs could lead to credential leak in GitHub Desktop
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...
CVE-2025-23040
CVE-2025-23040 affects GitHub Desktop prior to 3.4.12. A maliciously crafted remote URL can cause the credential request from Git to be misinterpreted by GitHub Desktop via the git-credential protocol, leading to exfiltration of credentials (GitHub username, OAuth tokens, or other remote-host cre...
CVE-2025-23040 Maliciously crafted remote URLs could lead to credential leak in GitHub Desktop
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...
GitHub Desktop 安全漏洞
GitHub Desktop is a GitHub desktop version of GitHub Desktop open source. A security vulnerability exists in GitHub Desktop versions prior to 3.4.12, which stems from an attacker inducing a user to clone a repository, either directly or through a submodule, which could allow an attacker to access...
PT-2025-4786 · Github · Github Desktop
Name of the Vulnerable Software and Affected Versions: GitHub Desktop versions prior to 3.4.12 Description: An attacker can access a user's credentials by convincing them to clone a repository directly or through a submodule using a maliciously crafted remote URL. GitHub Desktop relies on Git for...
New Stealer Uses Invalid Cert To Compromise Systems
New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...