CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

Mintlify 安全漏洞

Mintlify is an AI-powered documentation platform from US-based Mintlify. A security vulnerability exists in versions of Mintlify prior to 2025-11-15, which stems from not validating the repository owner in the GitHub Integration API, potentially leading to the disclosure of sensitive information...

CVE-2025-67844

The Mintlify Platform’s GitHub Integration API (pre-2025-11-15) fails to validate that configured repository owner/name belong to the user’s GitHub App Installation ID, enabling disclosure of sensitive repository metadata. Multiple sources corroborate the issue and cite the same root cause in the...

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2025-68278 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2025-68278 Source advisory: OSV:GHSA-529F-9QWM-9628...

CVE-2025-64236

creationtimestamp| type| source ---|---|--- 2025-12-18 17:36:08+00:00| seen| https://gist.github.com/Darkcrai86/062defce2f8916a4b25a588396fe34af 2025-12-18 17:59:25+00:00| seen| https://gist.github.com/Darkcrai86/5ca90ce01f1e2fc1adb3b3ec0d95897c 2025-12-18 19:57:31+00:00| seen|...

CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

BIT-PARSE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions which...

Fedora: Security Advisory (FEDORA-2025-b8d9bd75d2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-6e8c819299)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

A Systematic Study of Code Obfuscation against LLM-Based Vulnerability Detection

As large language models LLMs are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code obfuscation has long been used as a general strategy to bypass...

Fedora 42 : golang-github-facebook-time (2025-b8d9bd75d2)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b8d9bd75d2 advisory. Update logrus for https://access.redhat.com/security/cve/cve-2025-65637 Tenable has extracted the preceding description block directly from the Fedora securi...

CVE-2025-68267

In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...

EUVD-2025-203891

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection...

GHSA-JF5H-XFW4-P8GP Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

GHSA-CFPF-HRX2-8RV6 vulnerabilities

Vulnerabilities for packages: opentelemetry-collector-contrib, kine, argo-rollouts, k8sgateway, tempo, verticadb-operator, argo-cd, aws-otel-collector, datadog-agent, nats, vale, k8sgpt, kargo, grafana-alloy, opentelemetry-collector, kubeflow-pipelines, jaeger, k3s, argo-workflows,...

CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the improper validation of plugin bot identity. An attacker can cause users to add reactions to arbitrary GitHub objects by sending crafted notification posts. Remediation Upgrade...