41 matches found
EUVD-2025-23193
Malicious code in bioql PyPI...
EUVD-2025-23195
Malicious code in bioql PyPI...
EUVD-2025-23202
Malicious code in bioql PyPI...
EUVD-2025-23205
Malicious code in bioql PyPI...
CVE-2025-54583
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...
CVE-2025-54585
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54584
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...
CVE-2025-54586
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54586
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54585
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54586 GitProxy is susceptible to a hidden commits injection attack
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54586
GitProxy
CVE-2025-54586 GitProxy is susceptible to a hidden commits injection attack
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54586 GitProxy is susceptible to a hidden commits injection attack
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54585 GitProxy is vulnerable to a new branch approval exploit
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54585
GitProxy (versions ≤ 1.19.1) is vulnerable to a new-branch approval exploit: nearby commits on a parent branch can be pushed without proper approval due to how new branches are detected (uses a zero-hash check). The issue requires only regular push access and no extra user interaction, but it doe...
CVE-2025-54585 GitProxy is vulnerable to a new branch approval exploit
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54585 GitProxy is vulnerable to a new branch approval exploit
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54583
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...
CVE-2025-54584
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...