Vulnrichment
added 2025/09/26 4:24 p.m., 17 views

CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...

CVSS 7.7, AI score 7.4, EPSS 0.01507
Exploits 0, References 3
OSV
added 2025/09/26 4:24 p.m., 8 views

CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...

CVSS 7.7, AI score 7.7, EPSS 0.01507
Exploits 0, References 5
Github Security Blog
added 2025/09/26 3:00 p.m., 4 views

Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives

October marks Cybersecurity Awareness Month, a time when the developer community reflects on the importance of security in the evolving digital landscape. At GitHub, we understand that protecting the global software ecosystem relies on the commitment, skill, and ingenuity of the security research...

AI score 7
Exploits 0
Snyk
added 2025/09/26 3:41 a.m., 1 view

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the CheckSpecies function in the ChemKinFormat process. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input that triggers a heap-based buffer overflow...

CVSS 7.8, AI score 8, EPSS 0.00224
Exploits 1, References 2
Wolfi
added 2025/09/26 2:34 a.m., 4 views

GHSA-2HMJ-97JW-28JH vulnerabilities

Vulnerabilities for packages: strimzi-kafka-operator, apache-activemq-artemis, trino, solr, spark, apache-pulsar, thingsboard...

AI score 5.8
Exploits 0
Positive Technologies
added 2025/09/26 12:00 a.m., 10 views

PT-2025-39659

Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions through 1.0.7.2. Description: A weakness exists in givanz Vvveb that could allow for cross-site request forgery. The vulnerability affects unknown code and can be exploited remotely. The exploit has been publicly released...

CVSS 5.3, AI score 4.6, EPSS 0.00264
Exploits 1, References 12
RedhatCVE
added 2025/09/25 7:47 p.m., 4 views

CVE-2025-55322

Binding to an unrestricted IP address in GitHub allows an unauthorized attacker to execute code over a network...

CVSS 7.3, AI score 7.3, EPSS 0.00343
Exploits 0, References 1
Veracode
added 2025/09/25 2:53 p.m., 6 views

Allocation Of Resources Without Limits

github.com/ulikunitz/xz is vulnerable to Allocation Of Resources Without Limits. The issue is a denial of service caused by improper header validation that allows arbitrary data to be prepended to an LZMA stream, causing the implementation to allocate a full decode buffer and consume...

CVSS 5.3, AI score 7.1, EPSS 0.00385
Exploits 0, References 3, Affected Software 1
Circl
added 2025/09/25 1:53 p.m., 2 views

GHSA-54J7-GRVR-9XWG

| creationtimestamp | type | source |
|---|---|---|
| 2025-09-25 13:53:59+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115265269823527423... |

AI score 5.8
Exploits 0, References 1
Github Security Blog
added 2025/09/25 12:30 a.m., 11 views

Duplicate Advisory: Malicious versions of Nx were published

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description: Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...

CVSS 9.6, AI score 7.1, EPSS 0.00527
Exploits 0, References 8, Affected Software 1
OSV
added 2025/09/25 12:30 a.m., 3 views

GHSA-8MJQ-32X3-22QF Duplicate Advisory: Malicious versions of Nx were published

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description: Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...

CVSS 9.6, AI score 6.9, EPSS 0.00527
Exploits 0, References 7
NVD
added 2025/09/24 10:15 p.m., 5 views

CVE-2025-10894

Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...

CVSS 9.6, EPSS 0.00527
Exploits 0, References 6
OSV
added 2025/09/24 10:15 p.m., 4 views

CVE-2025-10894

Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...

CVSS 9.6, AI score 5.8, EPSS 0.00527
Exploits 0, References 6
Cvelist
added 2025/09/24 9:20 p.m., 9 views

CVE-2025-10894 Nx: nx/devkit: malicious versions of nx and plugins published to npm

Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...

CVSS 9.6, EPSS 0.00527
Exploits 0, References 6
Vulnrichment
added 2025/09/24 9:20 p.m., 1 view

CVE-2025-10894 Nx: nx/devkit: malicious versions of nx and plugins published to npm

Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...

CVSS 9.6, AI score 6.7, EPSS 0.00527
Exploits 0, References 6
CVE
added 2025/09/24 9:20 p.m., 25 views

CVE-2025-10894

CVE-2025-10894 describes malicious versions of the Nx build system and related plugins published on the npm registry via a supply-chain attack. Affected packages contain code that scans the filesystem, collects credentials, and posts them to GitHub under the user’s account. The CVSSv3.1 base scor...

CVSS 9.6, AI score 6.7, EPSS 0.00527
Exploits 0, References 6
OSV
added 2025/09/24 7:21 p.m., 4 views

GO-2025-3978 Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards

Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards...

CVSS 6.5, AI score 6.9, EPSS 0.0025
Exploits 0, References 5
OSV
added 2025/09/24 7:21 p.m., 2 views

GO-2025-3962 esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh

esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh...

CVSS 8.7, AI score 7.1, EPSS 0.01527
Exploits 0, References 4
OSV
added 2025/09/24 7:15 p.m., 4 views

CVE-2025-55322

Binding to an unrestricted IP address in GitHub allows an unauthorized attacker to execute code over a network...

CVSS 7.3, AI score 5.6, EPSS 0.00343
Exploits 0, References 1
NVD
added 2025/09/24 7:15 p.m., 2 views

CVE-2025-55322

Binding to an unrestricted IP address in GitHub allows an unauthorized attacker to execute code over a network...

CVSS 7.3, EPSS 0.00343
Exploits 0, References 1