GO-2025-4038 Git LFS may write to arbitrary files via crafted symlinks in github.com/git-lfs/git-lfs
GO-2025-4048 Mattermost Server is vulnerable to Code Injection through its LDAP fields in github.com/mattermost/mattermost-server
GO-2025-4041 Cosmos EVM Vulnerability in github.com/cosmos/evm
GO-2025-4046 Mattermost Server is vulnerable to Uncontrolled Resource Consumption in github.com/mattermost/mattermost-server
GO-2025-4074 Rancher exposes sensitive information through audit logs in github.com/rancher/rancher
GO-2025-4068 Slack Nebula may accept arbitrary source IP addresses in github.com/slackhq/nebula
GO-2025-4040 NetBird VPN does not remove the default password of an admin account in github.com/netbirdio/netbird
GO-2025-4072 Karmada Dashboard API Unauthorized Access Vulnerability in github.com/karmada-io/dashboard
GO-2025-4077 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose
GO-2025-4064 Mattermost Server is vulnerable to XSS through crafted links in github.com/mattermost/mattermost-server
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs
Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed...
Dynamic binary instrumentation (DBI) with DynamoRIO
This blog introduces dynamic binary instrumentation (DBI) and guides you through building your own DBI tool with the open-source DynamoRIO framework on Windows 11. DBI enables powerful runtime analysis and modification of binaries, critical for malware analysis, security auditing, reverse engineerin...
AZL-69200 CVE-2025-58183 affecting package gh for versions less than 2.62.0-10
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
MAL-2025-48997 Malicious code in eslint-github-bot (npm)
Source: ghsa-malware e04576802856f7074d803ef7546dfd6b0e548ceee7429ad5dfe39b153b3e756d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36779
Malicious code in eslint-github-bot npm...
Malicious Package
Overview eslint-github-bot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Security Vulnerabilities in AI-Generated Code: A Large-Scale Analysis of Public GitHub Repositories
This paper presents a comprehensive empirical analysis of security vulnerabilities in AI-generated code across public GitHub repositories. We collected and analyzed 7,703 files explicitly attributed to four major AI tools: ChatGPT 91.52%, GitHub Copilot 7.50%, Amazon CodeWhisperer 0.52%, and...
GHSA-RJ5C-58RQ-J5G5
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-28 22:37:14+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115454183590681546... |
CVE-2025-62794
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" ap...