29586 matches found
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
AI Code in the Wild: Measuring Security Risks and Ecosystem Shifts of AI-Generated Code in Modern Software
Large language models (LLMs) for code generation are becoming integral to modern software development, but their real-world prevalence and security impact remain poorly understood. We present the first large-scale empirical study of AI-generated code (AIGCode) in the wild. We build a high-precision...
EUVD-2025-204501
Malicious code in adk-github npm...
Malicious Package
Overview: adk-github is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in adk-github (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee46eaaea8bb0b2c04c936cd56cf6c030b92c551fe72a435a680680bc4b38bf9 The package adk-github was found to contain malicious code. Source: ghsa-malware feba07c14c2a8afde4296fe5a5c92d7bbec73e06a94fbc29edbd525f98e3ef42 Any...
MAL-2025-192619 Malicious code in adk-github (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee46eaaea8bb0b2c04c936cd56cf6c030b92c551fe72a435a680680bc4b38bf9 The package adk-github was found to contain malicious code. Source: ghsa-malware feba07c14c2a8afde4296fe5a5c92d7bbec73e06a94fbc29edbd525f98e3ef42 Any...
CVE-2025-63387
creationtimestamp| type| source
---|---|---
2025-12-19 08:06:02+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-63387.yaml
2025-12-20 21:03:01+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mah44eqgd32r
2025-12-22...
CVE-2025-13307
creationtimestamp| type| source
---|---|---
2025-12-19 07:05:59+00:00| seen| https://infosec.exchange/users/offseq/statuses/115744961823636580
2025-12-19 07:41:52+00:00| seen| https://gist.github.com/Darkcrai86/cd1792c2fd62567e2cd967ae4c56f9c8
2025-12-19 08:07:53+00:00| seen|...
GHSA-W853-JP5J-5J7F vulnerabilities
Vulnerabilities for packages: mlflow, airflow, kserve, open-webui, py3-cassandra-medusa...
GHSA-W853-JP5J-5J7F vulnerabilities
Vulnerabilities for packages: open-webui, py3-cassandra-medusa, text-generation-inference, airflow, mlflow, awx, request-1276, kserve, tritonserver-backend-vllm-cuda-12.9...
EUVD-2025-204426
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
Mintlify security vulnerability
Mintlify is an AI-powered documentation platform from US-based Mintlify. A security vulnerability exists in versions of Mintlify prior to 2025-11-15, which stems from not validating the repository owner in the GitHub Integration API, potentially leading to the disclosure of sensitive information...
CVE-2025-67844
The Mintlify Platform’s GitHub Integration API (pre-2025-11-15) fails to validate that configured repository owner/name belong to the user’s GitHub App Installation ID, enabling disclosure of sensitive repository metadata. Multiple sources corroborate the issue and cite the same root cause in the...
@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2025-68278 via @tinacms/cli (>=0.60.28 <=1.12.6)
@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2025-68278 Source advisory: OSV:GHSA-529F-9QWM-9628...
CVE-2025-64236
creationtimestamp| type| source
---|---|---
2025-12-18 17:36:08+00:00| seen| https://gist.github.com/Darkcrai86/062defce2f8916a4b25a588396fe34af
2025-12-18 17:59:25+00:00| seen| https://gist.github.com/Darkcrai86/5ca90ce01f1e2fc1adb3b3ec0d95897c
2025-12-18 19:57:31+00:00| seen|...
CVE-2025-13352
Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...