GitHub Security Lab: [python] TarSlip vulnerability improvements
Vulnerability description not provided...
CVE-2022-2166
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0...
GO-2022-0972 Panic in github.com/shamaton/msgpack/v2
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks...
GitHub Security Lab: C/C++: Command injection via wordexp
Vulnerability description not provided...
GitHub Security Lab: [CPP]: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc
Vulnerability description not provided...
GitHub Security Lab: [CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE-625 - Query to detect regex dot bypass
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [JAVA]: Partial Path Traversal
This bug was reported directly to GitHub Security Lab...
Malicious code in kara-phantomjs-launcher (npm)
Source: ghsa-malware a1d7f48c0a82f0da502426b6d31515c48dbbf0bae15494b2a1a2f1735f4248b2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
Cross site scripting
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
CVE-2021-32862
CVE-2021-32862 is a cross-site scripting (XSS) vulnerability in nbconvert when generating HTML from user-controlled notebooks. The GitHub Security Lab disclosed sixteen routes to inject arbitrary HTML into HTML exports (e.g., nbviewer). Connected advisories confirm nbconvert is affected and provi...
GHSA-9JMQ-RX5F-8JWQ nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches Below is currently a duplicate of the original report: ---- Received on [email protected] unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel fr...
EUVD-2022-34897
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5...
ownCloud: GitHub Security Lab (GHSL) Vulnerability Report: SQLInjection in FileContentProvider.kt (GHSL-2022-059)
Vulnerability description not provided...
Xxe
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
CVE-2022-31582
The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31581
CVE-2022-31581 affects the scorelab/OpenMF repository. Affected: OpenMF before 2022-05-03. The issue is an absolute path traversal caused by the unsafe use of Flask’s send_file function. Exploit details, affected versions beyond the stated date, and remediation steps are not provided in the conne...
GitHub Security Lab: PYTHON: CWE-079 - Add query for email injection
This bug was reported directly to GitHub Security Lab...