
86 matches found

The Hacker News
added 2024/08/15 6:47 a.m., 12 views

GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments. "A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud servic...

8.1 AI score
Exploits: 0

OSV
added 2024/06/28 3:28 p.m., 12 views

GO-2024-2905 Openshift/telemeter: iss check during jwt authentication can be bypassed in github.com/openshift/telemeter

Openshift/telemeter: iss check during jwt authentication can be bypassed in github.com/openshift/telemeter...

7.5 CVSS, 7.8 AI score, 0.00343 EPSS
Exploits: 0, References: 9

IBM Security Bulletins
added 2024/06/28 12:46 p.m., 30 views

Security Bulletin: A vulnerability in github.com/containerd/containerd-v1.6.17 affects Data Replication on Cloud Pak for Data

Summary: A vulnerability in the github.com/containerd/containerd-v1.6.17 package has been addressed. Vulnerability Details: CVEID: CVE-2023-25173. DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups insi...

7.8 CVSS, 6.6 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

Veracode
added 2024/05/20 10:47 a.m., 7 views

Sensitive Information Disclosure

github.com/goreleaser/goreleaser is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the change in log output level from DEBUG to INFO, which could allow an attacker with access to the build logs to view sensitive environment information when the go build output is...

6.6 AI score
Exploits: 0

Veracode
added 2024/03/26 12:19 p.m., 18 views

SQL Injection

github.com/layer5io/meshery is vulnerable to a SQL injection. The vulnerability is due to improper input validation in GetMeshSyncResources function within meshsynchandler.go. This flow allows a remote attacker to obtain sensitive information via the order parameter...

7.5 CVSS, 7.5 AI score, 0.01552 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2023/11/16 5:15 p.m., 11 views

CVE-2023-6022

Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5...

8.8 CVSS, 7.2 AI score
Exploits: 0, References: 2

Veracode
added 2023/08/04 8:14 a.m., 21 views

Captcha Bypass

github.com/answerdev/answer is vulnerable to Captcha Bypass. The vulnerability exists due to an improper captcha mechanism in captcha.go, which allows an attacker to bypass the captcha technique and create multiple user accounts...

9.8 CVSS, 6.9 AI score, 0.00262 EPSS
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2023/08/04 7:20 a.m., 21 views

Timing Attack

github.com/answerdev/answer is vulnerable to Timing Attacks. The vulnerability exists because the application does not have a constant login attempt response time, which allows an attacker to brute force valid account email addresses...

5.3 CVSS, 6.8 AI score, 0.0022 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2023/05/09 10:15 p.m., 7 views

CVE-2023-2610

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532...

7.8 CVSS, 7.6 AI score
Exploits: 0, References: 8

Vulnrichment
added 2023/04/24 12:00 a.m., 8 views

CVE-2023-2260 Authorization Bypass Through User-Controlled Key in alfio-event/alf.io

Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...

8.8 CVSS, 8.8 AI score, 0.00294 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2023/03/27 12:00 a.m., 6 views

CVE-2023-1647 Improper Access Control in calcom/cal.com

Improper Access Control in GitHub repository calcom/cal.com prior to 2.7...

8.8 CVSS, 8.8 AI score, 0.00318 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2023/02/09 12:00 a.m., 5 views

CVE-2023-0760 Heap-based Buffer Overflow in gpac/gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV...

7.3 CVSS, 7.2 AI score, 0.00042 EPSS
Exploits: 1, References: 3

Veracode
added 2023/01/19 7:30 a.m., 21 views

Cross-Site Request Forgery (CSRF)

github.com/destinygg/chat is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to lack of validation of in the web socket function in main.go, which allows an attacker to bypass CSRF protection...

8.8 CVSS, 8.4 AI score, 0.00301 EPSS
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2022/12/30 10:13 a.m., 17 views

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. The vulnerability exists because the values are not properly handled which allows an attacker to gain access to system...

5.3 CVSS, 5.6 AI score, 0.00417 EPSS
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2022/09/30 6:45 a.m., 5 views

CVE-2022-2922 Relative Path Traversal in dnnsoftware/dnn.platform

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0...

4.9 CVSS, 5.1 AI score, 0.00453 EPSS
Exploits: 1, References: 2

ATTACKERKB
added 2022/09/15 12:15 p.m., 2 views

CVE-2022-3224

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.4 CVSS, 6.8 AI score, 0.00342 EPSS
Exploits: 1, References: 3

Veracode
added 2022/09/07 3:35 a.m., 24 views

Privilege Escalation

github.com/elrondnetwork/elrond-go is vulnerable to privilege escalation. Read only calls between contracts may generate smart contract results due to insufficient checks, which allows remote attackers to elevate their privileges to an extent which the original smart contract programmers didn't...

9.8 CVSS, 9 AI score, 0.00431 EPSS
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2022/08/12 7:34 p.m., 20 views

Denial Of Service (DoS)

vim:sid is vulnerable to denial of service. The vulnerability exists due to heap-based buffer overflow in GitHub repository...

7.8 CVSS, 7.7 AI score, 0.00106 EPSS
Exploits: 1, References: 9, Affected Software: 1

Veracode
added 2022/04/14 6:46 a.m., 24 views

Directory Traversal

github.com/flipped-aurora/gin-vue-admin is vulnerable to directory traversal. The vulnerability exists due to a lack of sanitization of FileName allowing an attacker to gain access to restricted files...

7.5 CVSS, 5.2 AI score, 0.00658 EPSS
Exploits: 0, References: 4, Affected Software: 1

AlpineLinux
added 2022/04/06 9:35 a.m., 58 views

CVE-2022-1237

Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is a heap overflow and may be exploitable. For a more general description of heap buffer overflow, see CWE...

7.8 CVSS, 8 AI score, 0.00258 EPSS
Exploits: 1