86 matches found
GO-2025-3837 Hashicorp Vault has Privilege Escalation Vulnerability in github.com/hashicorp/vault
GHSA-V98G-8RQX-G93G GitProxy Hidden Commits Injection
Summary: An attacker can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visible history, GitHub still serves them at their direct commit URLs. This lets an attacker exfiltrate...
Sensitive Data Exposure
github.com/juju/utils is vulnerable to Sensitive Data Exposure. The vulnerability is due to the cert.NewLeaf function generating certificates that may contain private key information, which allows an attacker to extract the private key if the certificate is transmitted over the network in plainte...
GHSA-8QJW-9XGM-C9FF
creationtimestamp | type | source
---|---|---
2025-06-20 17:46:18+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/19003...
GO-2025-3693 Mattermost Fails to Validate Team Invite Permissions in github.com/mattermost/mattermost-server
CVE-2025-23197
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can crash on restart due...
CVE-2023-41898
Home Assistant is an open source home automation platform. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...
CVE-2023-2554
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0...
CVE-2022-1631
User account pre-takeover or user account takeover in GitHub repository microweber/microweber prior to 1.2.15. Because there is no email confirmation, an attacker can easily create an account in the application using the victim’s email. This allows an attacker to gain...
CVE-2022-31588
The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-3438
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...
Denial Of Service (DoS)
github.com/bep/imagemeta is vulnerable to Denial of Service (DoS). The vulnerability is due to untrusted input handling, which allows excessively large data structures to be defined in small payloads...
BIT-DOLIBARR-2023-5323 Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0...
Stored Cross-site Scripting (XSS)
github.com/matrix-org/pinecone is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input, allowing malicious scripts to be stored and later executed when accessed by users...
CVE-2025-22549
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seinoxygen WP Github wp-github allows Stored XSS. This issue affects WP Github: from n/a through 1.3.3...
GO-2022-1021 HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault
GO-2023-2414 Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome
GO-2023-2036 usememos/memos vulnerable to privilege escalation in github.com/usememos/memos
GO-2023-1863 rudder-server is vulnerable to SQL injection in github.com/rudderlabs/rudder-server