11172 matches found
CVE-2025-55306
GenX_FX backend vulnerability: environment-variable misconfiguration can expose API keys and authentication tokens, enabling unauthorized access to cloud resources (Google Cloud, Firebase, GitHub, etc.). Impact is high (credential exposure with potential full resource access) as reported across m...
CVE-2025-55306 GenX_FX authentication bypass in JWT validation
GenXFX is an advanced AI trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...
GO-2025-3867 Mattermost Confluence Plugin has Missing Authorization vulnerability in github.com/mattermost/mattermost-plugin-confluence
Mattermost Confluence Plugin has Missing Authorization vulnerability in github.com/mattermost/mattermost-plugin-confluence...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix-based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do, however, feature HMAC signing with a secret key. Triggering an evaluation can be...
GO-2025-3859 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao
OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...
GHSA-72FF-RQXP-4HRH

creationtimestamp | type | source
---|---|---
2025-07-30 01:53:20+00:00 | seen | https://gist.github.com/ZupeiNie/6f65e564f2067b876321d3dfdbb76569...

GO-2025-3820 Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server
Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server...
GO-2025-3797 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server...
GO-2025-3806 Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju
Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju...
GHSA-RMRM-75HP-PHR2

creationtimestamp | type | source
---|---|---
2025-07-16 22:46:07+00:00 | seen | https://gist.github.com/safer-bot/5cb6cdcecb39df1920bcd36ae48b6919...

GHSA-6MCM-J9CJ-3VC3

creationtimestamp | type | source
---|---|---
2025-07-16 16:29:40+00:00 | seen | https://gist.github.com/safer-bot/06ba3e736cb2a22693a2da2a15674353...

GHSA-XFRJ-6VVC-3XM2

creationtimestamp | type | source
---|---|---
2025-07-16 15:13:48+00:00 | seen | https://gist.github.com/safer-bot/feebdbf91b1e9a0c4915d5d8be07b842...

GHSA-2363-CQG2-863C

creationtimestamp | type | source
---|---|---
2025-07-16 10:31:30+00:00 | seen | https://gist.github.com/safer-bot/6428f4e82456989e69180d6bca28d722...

GHSA-2474-2566-3QXP

creationtimestamp | type | source
---|---|---
2025-07-16 10:18:29+00:00 | seen | https://gist.github.com/safer-bot/2e68c14ecc155d87c9c5c84c2135887e...

GHSA-77RM-9X9H-XJ3G

creationtimestamp | type | source
---|---|---
2025-07-16 07:57:46+00:00 | seen | https://gist.github.com/safer-bot/77d94a9af1e1eb4557c057300da0a0ec
2025-07-16 14:01:42+00:00 | seen | https://gist.github.com/safer-bot/7ddb036557afbccff4b128b5c0cf2325
2025-07-16 21:53:54+00:00 | seen | ...

Fake Minecraft Mods on GitHub Found Stealing Player Data
Malware hidden in fake Minecraft Mods on GitHub is stealing passwords and crypto from players. Over 1,500 devices may be affected, researchers warn...
GHSA-6R3C-XF4W-JXJM

creationtimestamp | type | source
---|---|---
2025-06-17 13:11:06+00:00 | seen | https://gist.github.com/safer-bot/227b935768f4907b3da218450ed38465
2025-07-07 04:47:43+00:00 | seen | https://gist.github.com/safer-bot/d7517da551eae1157b9e505894777990
2025-07-16 03:07:48+00:00 | seen | ...

GO-2025-3720 Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd
Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd...
Eradicating the Unseen: Detecting, Exploiting, and Remediating a Path Traversal Vulnerability across GitHub
Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up the attack very easily. Unfortunately, since developers...
GO-2025-3699 Allows host filesystem access on pull in github.com/containerd/containerd
Allows host filesystem access on pull in github.com/containerd/containerd...