1089 matches found
GitHub Security Lab: CodeQL query to detect open Spring Boot actuator endpoints
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: gagliardetto: Query to detect incorrect conversion between numeric types
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Add check for disabled HTTPOnly setting in Tomcat
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-532 sensitive info logging
This bug was reported directly to GitHub Security Lab...
Kubernetes: Internal IP addresses range and AWS cluster region leaked in a Github repository
Report Submission Form Summary: I was exploring the GitHub repository and found some internal IP address and its cluster region related to AWS cluster. So i decided to report it to you. Please have a look and let me know. Steps To Reproduce: VISIT THIS LINK : Repository - kubernetes / kubernetes...
GitHub Security Lab: CodeQL query to detect SSRF in Python
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Initial websocket support for Javascript (SockJS)
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Go/CWE-643: XPath Injection Query in Go
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CPP: Out of order Linux permission dropping without checking return codes
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CWE-094 ScriptEngine in java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: XPath Injection query in java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java (Maven): Actually fix the use of insecure protocol to download/upload artifacts
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for finding ReDoS and Regex Injection vulnerabilities in Java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Dynamic reflection class
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for finding LDAP Injection (CWE-90) vulnerabilities in Java
This bug was reported directly to GitHub Security Lab...
CVE-2020-5234
MessagePack for C and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...
CVE-2020-5234
MessagePack for C and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...
CVE-2020-5234
CVE-2020-5234 affects MessagePack for C# and Unity before version 1.9.11 and 2.1.90, where deserializing untrusted data can cause a DoS via hash collisions or stack overflow. The issue is documented across multiple sources (NVD, GitHub advisory GHSA-7Q36-4XX7-XCXF, Red Hat/RH entries, OSV) and is...
CVE-2020-5234 Untrusted data can lead to DoS attack in MessagePack for C# and Unity
MessagePack for C and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...
GitHub Security Lab: CodeQL query for finding CSRF vulnerabilities in Spring applications
This bug was reported directly to GitHub Security Lab...