27 matches found
EUVD-2025-23193
Malicious code in bioql PyPI...
EUVD-2025-23202
Malicious code in bioql PyPI...
EUVD-2025-23205
Malicious code in bioql PyPI...
CVE-2025-54583
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...
CVE-2025-54585
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54584
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...
CVE-2025-54586
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54586
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54585
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54586 GitProxy is susceptible to a hidden commits injection attack
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54586
GitProxy
CVE-2025-54586 GitProxy is susceptible to a hidden commits injection attack
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...
CVE-2025-54585 GitProxy is vulnerable to a new branch approval exploit
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54585 GitProxy is vulnerable to a new branch approval exploit
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54585 GitProxy is vulnerable to a new branch approval exploit
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...
CVE-2025-54585
GitProxy (versions ≤ 1.19.1) is vulnerable to a new-branch approval exploit: nearby commits on a parent branch can be pushed without proper approval due to how new branches are detected (uses a zero-hash check). The issue requires only regular push access and no extra user interaction, but it doe...
CVE-2025-54584
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...
CVE-2025-54584
GitProxy (versions ≤ 1.19.1) is vulnerable to a packfile parsing exploit due to the parsePush.ts PACK signature detection. An attacker can craft a malicious Git packfile that embeds a misleading PACK signature within commit content and manipulates the packet structure, causing the parser to treat...
CVE-2025-54584 GitProxy is vulnerable to a packfile parsing exploit
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...
CVE-2025-54583 GitProxy bypasses approvals when pushing multiple branches
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...