181 matches found
GHSA-R79C-PQJ3-577X Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action
Summary: The Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull request that introduces a file whose name contains shell command substitution syntax, such as $(...). In...
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
CVE-2025-68267
CVE-2025-68267 affects JetBrains TeamCity versions prior to 2025.11.1. Root cause: TeamCity stored a GitHub personal access token instead of an installation token, enabling excessive privileges. Documented impact in connected Nessus advisory (multiple vulnerabilities for pre-2025.11.1). Remediati...
EUVD-2025-203763
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
PT-2025-51718
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
Exploit for CVE-2025-13595
CIBELES AI extractTo$extractDir; $rootInsideZip = $extrac...
MAL-2025-191347 Malicious code in @voiceflow/exception (npm)
Source: amazon-inspector 2eb8d68b66e59da1a4b42db0ac46ad31c940a051f6d6da86d55cd0ad7ac3f33b The package @voiceflow/exception was found to contain malicious code. Source: ghsa-malware...
CVE-2025-62794 GitHub Workflow Updater stored the optional GitHub token in plaintext
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" ap...
EUVD-2018-0238
Malware in sbrugna...
EUVD-2019-0342
Malware in sbrugna...
EUVD-2025-28133
Malicious code in bioql PyPI...
EUVD-2025-11894
Malicious code in bioql PyPI...
EUVD-2024-1521
Malicious code in bioql PyPI...
EUVD-2025-27001
Malicious code in bioql PyPI...
CVE-2025-58401
Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store the GitHub API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked GitHub account...