11172 matches found
CVE-2023-0406
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4...
CVE-2023-5690
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2...
CVE-2023-2615
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-1176
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...
CVE-2023-1067
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18...
CVE-2023-0678
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1...
CVE-2019-25084
A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.0...
CVE-2018-1000142
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
CVE-2025-32970

creationtimestamp | type | source
---|---|---
2025-04-30 17:55:10+00:00 | seen | https://t.me/cvedetector/24112
2025-08-28 13:40:03+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-32970.yaml
2025-08-30 21:02:28+00:00 | seen | ...

GO-2025-3640 Memory exhaustion in github.com/vbatts/tar-split
Memory exhaustion in github.com/vbatts/tar-split...
GO-2025-3611 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server...
CVE-2024-3300

creationtimestamp | type | source
---|---|---
2025-04-08 15:02:26+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-3300.yaml

...

BIT-DOLIBARR-2022-0746 Business Logic Errors in dolibarr/dolibarr
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0...
GO-2025-3536 OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability in github.com/openshift/hive
OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability in github.com/openshift/hive...
GO-2025-3537 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` in github.com/corazawaf/coraza
OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` in github.com/corazawaf/coraza...
GO-2025-3543 WITHDRAWN: Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc
This report has been withdrawn with reason: "Does not affect Go code.". https://nvd.nist.gov/vuln/detail/CVE-2025-27612 lists https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 which caused automation to flag as Go; the affected repo is https://github.com/youki-dev/you...
Critical GitHub Attack
This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have...
CVE-2025-2539

creationtimestamp | type | source
---|---|---
2025-03-20 15:03:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lksxstf3ne2w
2025-03-20 15:43:39+00:00 | seen | https://t.me/cvedetector/20731
2025-03-25 07:01:59+00:00 | confirmed | ...

MAL-2025-2547 Malicious code in github.com/shadowybulk/hypert (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 80a941bac0303482eb50ebe17fbfa05f22640a3932940be16100c6a1c0357a04 Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
MAL-2025-2550 Malicious code in github.com/utilizedsun/layout (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c1511f2ec5bec408a1a2febf7d6a7bc0db05b5af4870679ef43223ecff5f000d Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...