29747 matches found
CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
October marks Cybersecurity Awareness Month, a time when the developer community reflects on the importance of security in the evolving digital landscape. At GitHub, we understand that protecting the global software ecosystem relies on the commitment, skill, and ingenuity of the security research...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the CheckSpecies function in the ChemKinFormat process. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input that triggers a heap-based buffer overflow...
GHSA-2HMJ-97JW-28JH vulnerabilities
Vulnerabilities for packages: strimzi-kafka-operator, apache-activemq-artemis, trino, solr, spark, apache-pulsar, thingsboard...
PT-2025-39659
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions through 1.0.7.2. Description: A weakness exists in givanz Vvveb that could allow for cross-site request forgery. The vulnerability affects unknown code and can be exploited remotely. The exploit has been publicly released...
CVE-2025-55322
Binding to an unrestricted IP address in GitHub allows an unauthorized attacker to execute code over a network...
Allocation Of Resources Without Limits
github.com/ulikunitz/xz is vulnerable to Allocation Of Resources Without Limits. The vulnerability is a denial of service caused by improper header validation: arbitrary data can be prepended to an LZMA stream, causing the implementation to allocate a full decode buffer and consume...
GHSA-54J7-GRVR-9XWG
| creationtimestamp | type | source |
|---|---|---|
| 2025-09-25 13:53:59+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115265269823527423... |
Duplicate Advisory: Malicious versions of Nx were published
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...
GHSA-8MJQ-32X3-22QF Duplicate Advisory: Malicious versions of Nx were published
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...
CVE-2025-10894
Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...
CVE-2025-10894 Nx: nx/devkit: malicious versions of nx and plugins published to npm
Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...
CVE-2025-10894
CVE-2025-10894 describes malicious versions of the Nx build system and related plugins published on the npm registry via a supply-chain attack. Affected packages contain code that scans the filesystem, collects credentials, and posts them to GitHub under the user’s account. The CVSSv3.1 base scor...
GO-2025-3978 Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards
Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards...
GO-2025-3962 esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh
esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh...