29710 matches found
CVE-2021-30118

creationtimestamp | type | source
---|---|---
2025-10-11 05:03:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-30118.yaml
2025-10-12 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-10-12
2025-10-12...

EUVD-2025-33544
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret...
CVE-2025-61912

creationtimestamp | type | source
---|---|---
2025-10-10 20:48:19+00:00 | published-proof-of-concept | https://github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6...

Arbitrary Code Injection
Overview: org.webjars.npm:happy-dom is Happy DOM, a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation o...
CVE-2025-10281
BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker-controlled server with a maliciously formatted git URL...
CVE-2021-38154

creationtimestamp | type | source
---|---|---
2025-10-10 10:51:44+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-38154.yaml
2025-10-12 21:02:31+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m2zlw2iwgd2n
2026-05-21...

EUVD-2025-33396
BBOT's gitclone.py can expose users' GitHub API keys to an attacker-controlled webserver...
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Summary: Due to unsafe URL handling, bbot's gitclone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact: A user who has placed their github.com API key in the configuration for any of the following modules: githubcodesearch, githubworkflows, gitlab, gitclone...
GHSA-63WH-P5FX-H4VC BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Summary: Due to unsafe URL handling, bbot's gitclone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact: A user who has placed their github.com API key in the configuration for any of the following modules: githubcodesearch, githubworkflows, gitlab, gitclone...
CVE-2025-10281
BBOT’s git_clone vulnerability stems from unsafe URL handling that can cause exposure of GitHub API keys to an attacker-controlled server when processing a specially crafted git URL. The CVE description and multiple advisories (Red Hat, GHSA, EUVD, OSV, NVD, CVELIST, and Snyk) consistently refere...
CVE-2025-10281 Insecure URL Handling in git_clone Leading to Leaked API Key
BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker-controlled server with a maliciously formatted git URL...
GHSA-MM7P-FCC7-PG87 vulnerabilities
Vulnerabilities for packages: jitsucom-jitsu...
BBOT Security Vulnerability
BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that originates in the gitclone module, where a maliciously formatted git URL could lead to the disclosure of GitHub API keys to an attacker-controlled server...
PT-2025-41394
Name of the Vulnerable Software and Affected Versions: BBOT (affected versions not specified). Description: The git clone module in BBOT may allow an attacker to disclose a GitHub API key to a server they control by using a maliciously formatted git URL. The issue involves the potential exposure of th...
CVE-2025-61773

creationtimestamp | type | source
---|---|---
2025-10-08 23:26:16+00:00 | published-proof-of-concept | https://github.com/pyload/pyload/security/advisories/GHSA-cjjf-27cc-pvmv...

JLSEC-2025-5 Lack of validation for user-provided fields in GitHub.jl
There is a lack of input validation for user-provided values in certain functions. In the GitHub.repo function, the user can provide any string for the reponame field. These inputs are not validated or safely encoded and are sent directly to the server. Impact: This means a user can add path...
JLSEC-2025-2 Command injection in `withpasswd()` function in Registrator.jl
Impact: If the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, a shell script injection can occur within the withpasswd function. This can then lead to a potential RCE. Patches: Users should upgrade immediately to v1.9.5. All prior versions are vulnerabl...
JLSEC-2025-3 Lack of validation for user-provided fields in GitForge.jl
Description: There is a lack of input validation for user-provided values in certain functions. In the GitForge.getrepo function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not validated or safely encoded and are sent directly to the server. Impact...