GitHub Enterprise Server security vulnerability
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by letting users deploy their GitHub instances as virtual appliances. Prior to version 3.21 of GitHub Enterprise Server, there was a security...
PT-2026-34211
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21. Description: An improper authorization issue exists where an authenticated attacker can determine the names of private repositories using their numeric ID. This occurs because the mobile upload...
PT-2026-34196
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner id parameter in the request...
PT-2026-34210
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21. Description: An improper neutralization of special elements allows an authenticated Management Console administrator to execute arbitrary OS commands. This occurs via shell metacharacter injection...
PT-2026-34209
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21. Description: An incorrect regular expression allows an attacker to bypass OAuth redirect URI validation. An attacker aware of a first-party OAuth application's registered callback URL can create a...
PT-2026-34212
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21. Description: An improper authorization issue exists in scoped user-to-server ghu token authorization. An authenticated attacker can access private repositories outside the intended installation...
PT-2026-34060
Name of the Vulnerable Software and Affected Versions: goshs versions prior to 2.0.0-beta.6. Description: goshs is a SimpleHTTPServer written in Go. An ArtiPACKED issue allows the leakage of the GITHUB TOKEN through workflow artifacts, even when the token is not included in the repository source cod...
Command Injection
Overview: flowsint is an "Add your description here". Affected versions of this package are vulnerable to Command Injection via the orgtoasn transform process. An attacker can execute arbitrary operating system commands as root on the host machine by supplying shell metacharacters and escaping the...
GHSA-95MQ-XWJ4-R47P vulnerabilities
Vulnerabilities for packages: dgraph...
GHSA-M758-WJHJ-P3JQ
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-20 19:17:56+00:00 | published-proof-of-concept | Telegram/lEx4szWN0qGJp6nrTUnjGPs2FeG4zgfzAhM3YBb6L1MKYlY... |
CVE-2026-42180
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-20 14:11:48+00:00 | published-proof-of-concept | https://api.github.com/repos/LemmyNet/lemmy/security-advisories/GHSA-3jvj-v6w2-h948... |
autopoc
AutoPoC: Automated proof-of-concept deployments on OpenShift...
MAL-2026-2946 Malicious code in moonbit-metrics-validator (PyPI)
Source: kam193 (e6bb44c25db578131ec69b1c961c22f67cabb0b81aae5fe9d4620194bf8d83cc). Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...
MAL-2026-2947 Malicious code in moonbit-schema-utils (PyPI)
Source: kam193 (5fd7cc9fd6247802480f37b02a23faadb37c7fa5aded77358015c0861ab980e7). Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...
Malicious code in moonbit-locale-compat (PyPI)
Source: kam193 (d42bb32adb1fb5f388368b9e4ab382bfbc8cd7f62dab4c70a8563a448ce9c2af). Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...
Weaponizing the Commons: A Taxonomy and Detection Framework of Abuse on GitHub
GitHub plays a critical role in modern software supply chains, making its security an important research concern. Existing studies have primarily focused on CI/CD automation, collaboration patterns, and community management, while abuse behaviors on GitHub have received little systematic...
Malicious code in rblx-studio-api (PyPI)
Source: kam193 (0984290664d514183109c836bea6a2bda03e33f89563accc6c79a51e281688f8). During installation the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
CVE-2026-41179
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-19 12:17:45+00:00 | published-proof-of-concept | https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q |
| 2026-04-19 12:17:45+00:00 | published-proof-of-concept | ... |
GHSA-W8J3-QVC3-H56F
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-19 07:22:56+00:00 | seen | https://bsky.app/profile/azu.bsky.social/post/3mjtgake2o22p... |