973 matches found
Remote code execution
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted, which made it possible to execute commands on the...
GitHub Security Lab: ihsinme: CPP: add query for CWE-788 (access of memory location after the end of a buffer) via strncat.
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-489: Query to detect main() method in Java EE applications
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [JavaScript]: add query for Express-HBS LFR
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [golang] Division by zero query
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-295: Disabled certificate validation in JXBrowser
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-522: Insecure LDAP authentication
This bug was reported directly to GitHub Security Lab...
GHSA-JXWX-85VP-GVWM Regular Expression Denial of Service in jquery-validation
The GitHub Security Lab team has identified potential security vulnerabilities in jquery-validation. The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This issue was discovered and reported by GitHub team member @erik-krogh Erik...
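The advisory summary above names the bug class but (in this excerpt) not the affected pattern. The following is an added example, not jquery-validation's own code: it uses an assumed, hypothetical nested-quantifier pattern to show what ReDoS looks like in practice, how to measure it, and the two usual mitigations (an unambiguous equivalent pattern and an input-length bound before the regex runs). The constants `VULNERABLE` and `SAFE` and the helper names are this example's own.

```javascript
// Added example; not code from jquery-validation or the advisory.
// Hypothetical vulnerable pattern (assumed, not quoted from the advisory):
// the nested quantifier (a+)+ lets the engine split a run of 'a's in
// exponentially many ways before it discovers that the final '!' can never match.
const VULNERABLE = /^(a+)+$/;

// Accepts exactly the same strings (one or more 'a'), but with no ambiguity,
// so a failing input is rejected in time linear in its length.
const SAFE = /^a+$/;

// Adversarial input (constructed): n 'a's followed by a character that forces
// the match to fail only after the quantifiers have consumed everything.
function adversarialInput(n) {
  return "a".repeat(n) + "!";
}

// Time a single regex test; returns the match result and elapsed milliseconds.
function timeTest(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, ms };
}

// Run both patterns over inputs of increasing length. The vulnerable pattern's
// time roughly doubles for each extra character; the safe one stays flat.
function compare(lengths) {
  return lengths.map((n) => {
    const input = adversarialInput(n);
    return {
      n,
      vulnerableMs: timeTest(VULNERABLE, input).ms,
      safeMs: timeTest(SAFE, input).ms,
    };
  });
}

// Hardened validator: bound the length before any regex sees the value, and
// use the unambiguous pattern. This is the shape of fix a reviewer asks for.
function validateBounded(input, maxLen = 100) {
  if (typeof input !== "string" || input.length > maxLen) return false;
  return SAFE.test(input);
}

// Keep n small when running this: at n = 22 the vulnerable pattern already
// performs millions of backtracking steps.
if (typeof require !== "undefined" && require.main === module) {
  for (const row of compare([16, 18, 20, 22])) console.log(row);
}
```

Running the block prints one row per input length; the growth in `vulnerableMs` against a flat `safeMs` is the signature to look for when triaging a ReDoS report. The same measurement can be pointed at any regex a project applies to user-supplied strings.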
GitHub Security Lab: [Java] CWE-555: Query to detect password in Java EE configuration files
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: QL Query Detector for JHipster Generated CVE-2019-16303
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: 3,880 Pull Requests Generated to fix JHipster RNG Vulnerability CVE-2019-16303
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CPP: CWE-191 query (experimental); reveals a dangerous comparison
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-755: Query to detect Local Android DoS caused by NFE
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [javascript] CWE-614: CodeQL query to detect if cookies are sent without the flag secure being set
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-600 Uncaught servlet exception
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [javascript] CWE-90: CodeQL to detect LDAP Injection
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: add fastjson detection; improve RemoteFlowSource class, support Spring MVC
This bug was reported directly to GitHub Security Lab...
German COVID-19 Contact-Tracing Vulnerability Allowed RCE
A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...
CVE-2020-26230
Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19-positive users who upload Radar COVID TEKs (temporary exposure keys) to the Radar COVID server is possible. This vulnerability enables the identification and...