181 matches found

Kitploit
added 2021/07/02 12:30 p.m., 108 views

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains, then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with GitHub and the Wayback Machine. Features: Super fast asynchronous...

AI score 7
Exploits: 0, References: 15
OSV
added 2021/05/11 1:15 p.m., 2 views

CVE-2021-31913

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange...

CVSS 7.5, AI score 7.1, EPSS 0.00706
Exploits: 0, References: 2
OSV
added 2021/02/03 4:15 p.m., 2 views

CVE-2021-25774

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user...

CVSS 4.3, AI score 5.8, EPSS 0.00652
Exploits: 0, References: 2
CNNVD
added 2021/02/03 12:00 a.m., 3 views

JetBrains TeamCity Security Vulnerability

TeamCity is a Java-based build management and continuous integration server from JetBrains. An improper privilege control vulnerability exists in JetBrains TeamCity versions prior to 2020.2.1 that stems from a user being able to access another user's GitHub access token. No details of the...

CVSS 4.3, AI score 5.8, EPSS 0.00652
Exploits: 0, References: 2
PyPA
added 2020/03/19 5:15 p.m., 5 views

PYSEC-2020-41

In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master + develop branches of the...

CVSS 7.7, AI score 6.8, EPSS 0.00538
Exploits: 1, References: 3, Affected Software: 1
PyPA
added 2020/03/19 5:15 p.m., 5 views

PYSEC-2020-268

In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master + develop branches of the...

CVSS 7.7, AI score 6.8, EPSS 0.00538
Exploits: 1, References: 3, Affected Software: 1
Hacker One
added 2019/12/22 3:04 a.m., 30 views

Vercel: through %09 Character the attacker is able to steal Github Token [ Account Takeover ]

Summary: Hello, I've found the filter will delete this %09 character when checking the value parameter next in OAuth, which allows an attacker to bypass the filter and steal the OAuth token of the user; that leads to account takeover! Steps To Reproduce: 1. Go To...

AI score 0.7
Exploits: 0
Prion
added 2019/05/17 4:29 p.m., 17 views

Information disclosure

An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI...

CVSS 5, AI score 7.1, EPSS 0.01526
Exploits: 0, References: 2, Affected Software: 1
UbuntuCve
added 2019/05/17 4:29 p.m., 24 views

CVE-2019-6797

An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI...

CVSS 7.5, AI score 7.1, EPSS 0.01526
Exploits: 0, References: 2
Cvelist
added 2019/05/17 3:59 p.m., 20 views

CVE-2019-6797

An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI...

AI score 7.5, EPSS 0.01526
Exploits: 0, References: 2
CVE
added 2019/05/17 3:59 p.m., 51 views

CVE-2019-6797

CVE-2019-6797 describes an information disclosure issue in GitLab Enterprise Edition prior to 11.5.8, 11.6.x prior to 11.6.6, and 11.7.x prior to 11.7.1, where the GitHub token used in CI/CD for External Repos could be leaked to project maintainers in the UI. The NVD lists this as a high-severity issue...

CVSS 7.5, AI score 7, EPSS 0.01526
Exploits: 0, References: 2, Affected Software: 1
Debian CVE
added 2019/05/17 3:59 p.m., 16 views

CVE-2019-6797

Removed by vendor...

CVSS 7.5, AI score 7.1, EPSS 0.01526
Exploits: 0
Hacker One
added 2019/02/16 2:05 a.m., 21 views

Grammarly: Employee's GitHub Token Found In Travis CI Build Logs

Our Security Team was notified by researchers who identified a valid leaked GitHub token in Travis CI logs that allows accessing a limited number of Grammarly repositories. We immediately revoked the token and conducted an investigation together with the GitHub support team. Based on the available...

AI score 0.4
Exploits: 0
NVD
added 2018/06/07 2:29 a.m., 24 views

CVE-2017-16225

aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and including 12.0.7 bundled and published to npm the GitHub token of the user that performed an aegir-release...

CVSS 7.5, AI score 7.5, EPSS 0.01177
Exploits: 0, References: 1
OSV
added 2018/06/07 2:29 a.m., 22 views

CVE-2017-16225

aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and including 12.0.7 bundled and published to npm the GitHub token of the user that performed an aegir-release...

CVSS 7.5, AI score 7.8
Exploits: 0, References: 1
Prion
added 2018/06/07 2:29 a.m., 9 views

Code injection

aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and including 12.0.7 bundled and published to npm the GitHub token of the user that performed an aegir-release...

CVSS 5, AI score 7.5, EPSS 0.01177
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2018/05/31 8:29 p.m., 10 views

CVE-2016-10526

A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly...

CVSS 8.6, AI score 8.6
Exploits: 0, References: 2
Prion
added 2018/05/31 8:29 p.m., 17 views

Code injection

A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly...

CVSS 5, AI score 6.8, EPSS 0.01637
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2018/05/31 8:00 p.m., 20 views

CVE-2016-10526

A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly...

AI score 8.4, EPSS 0.01637
Exploits: 0, References: 2
Node.js
added 2017/10/12 7:20 p.m., 94 views

Github Token Leak

Overview: Affected versions of aegir bundle and publish the current user's GitHub token to npm when aegir-release is executed. Recommendation: Update to version 12.0.8 or later. If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked...

CVSS 5, AI score 4.9, EPSS 0.01177
Exploits: 0, Affected Software: 1