973 matches found
GitHub Security Lab: [Java]: Add XXE sinks
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: Static initialization vector
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [C#]: Deserialization sinks
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: Timing attacks while comparing results of cryptographic operations
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [C#]: HttpOnly and Secure Cookies for .NET Core and .NET
This bug was reported directly to GitHub Security Lab...
Exploit for Deserialization of Untrusted Data in Apache Ofbiz
CVE-2020-9496 Because the 2 xmlrpc related requests in webtools...
GitHub Security Lab: [Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Python]: Add SqlAlchemy support for SQL injection query
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Python] CWE-287: LDAP Improper Authentication
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: Unsafe deserialization with Jackson
This bug was reported directly to GitHub Security Lab...
CVE-2021-32783
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...
GitHub Security Lab: [go]: Add query for detecting CORS misconfiguration
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE 295 - Insecure TrustManager - MiTM
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE-665 Insecure environment during RMI/JMX Server initialisation - All for one bounty
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] JShell Injection
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE 295 - Insecure TrustManager - MiTM
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-918: Added URLClassLoader and WebClient SSRF sinks
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CodeQL query for unsafe RMI deserialization
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [GO] CWE-1004: Sensitive cookie without HttpOnly
This bug was reported directly to GitHub Security Lab...