29708 matches found
MAL-2025-49377 Malicious code in github.com/boltdb-go/bolt (Git)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1cad7a46a80076eedc2c3c00be0d3215bdfed842f6cc04c238d3b2591b38e2ad This malicious git repository is a typosquat of the legitimate BoltDB Go package. It contains a backdoor that enables remote code executio...
GO-2025-3983 Rancher update on users can deny the service to the admin in github.com/rancher/rancher
Rancher update on users can deny the service to the admin in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2025-4018 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret in github.com/ossf/allstar
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret in github.com/ossf/allstar...
The Geomys Standard of Care
One of the most impactful effects of professionalizing open source maintenance is that as professionals we can invest into upholding a set of standards that make our projects safer and more reliable. The same commitments and overhead that are often objected to when required of volunteers should b...
VulnerabilityAgent
VulnerabilityAgent 🛡️ An autonomous agent built on the BeeAI...
CVE-2021-24220
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-22 18:12:25+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24220.yaml |
| 2025-10-23 21:02:31+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m3vb25a5lh23... |
Top security researcher shares their bug bounty process
As we wrap Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight another top performing security researcher who participates in the GitHub Security Bug Bounty Program, André Storfjord Kristiansen! GitHub is dedicated to maintaining the security and reliability of the...
GHSA-WP3J-XQ48-XPJW vulnerabilities
Vulnerabilities for packages: falco...
MAL-2025-48550 Malicious code in doppler-secrets-fetch-github-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15ae1d785262a986eb630a24e7abcd16bd4c799262e11059e5911a40f184ee5c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-35311
Malicious code in doppler-secrets-fetch-github-action npm...
CVE-2025-62595
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-21 06:58:44+00:00 | published-proof-of-concept | https://github.com/koajs/koa/security/advisories/GHSA-g8mr-fgfg-5qpc... |
Evaluating Large Language Models in Detecting Secrets in Android Apps
Mobile apps often embed authentication secrets, such as API keys, tokens, and client IDs, to integrate with cloud services. However, developers often hardcode these credentials into Android apps, exposing them to extraction through reverse engineering. Once compromised, adversaries can exploit...
CVE-2025-11750
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-20 16:29:40+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-11750.yaml |
| 2025-10-22 15:45:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m3s6ui7prz2o |
| 2025-10-22... | | |
CVE-2019-16072
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-19 23:53:37+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-16072.yaml |
| 2025-10-24 21:02:30+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m3xrj3jgc423... |
GHSA-RP2M-Q4J6-GR43
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-17 18:01:14+00:00 | seen | https://infosec.exchange/users/DarkWebInformer/statuses/115390812802193403... |
CVE-2025-62505
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-17 09:26:18+00:00 | published-proof-of-concept | https://github.com/lobehub/lobehub/security/advisories/GHSA-fgx4-p8xf-qhp9... |
CVE-2025-62171
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-17 09:03:16+00:00 | published-proof-of-concept | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm |
| 2025-11-21 08:14:25+00:00 | seen | https://gist.github.com/Darkcrai86/e83bbf1032d43d201a7187639bff59d1 |
| 2025-11-21... | | |
GHSA-J253-W29R-9M48
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-17 06:21:20+00:00 | seen | Telegram/W1TUsVVnntbTzk7O6kK2RdxwWVsGfPzeLKbF7bgeKBqWqCU... |
CVE-2025-62418
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-16 20:41:03+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-fg89-g389-p346... |
CVE-2025-62416
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-16 20:28:35+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-527q-4wqv-g9wj... |