CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-0352

Malware in sbrugna...

8.8CVSS8.7AI score0.01195EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-6330

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00312EPSS

Exploits0References9

RedhatCVE•added 2025/05/22 5:10 p.m.•6 views

CVE-2020-35305

Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

6.1CVSS5.9AI score0.00312EPSS

Exploits0

Veracode•added 2022/07/18 5:19 a.m.•12 views

Cross-site Scripting (XSS)

gollum is vulnerable to cross-site scripting. The vulnerability exists because the breadcrumb function of overview.rb and page.rb does not properly escape the element.tos and title.tos parameters before being rendered on the page, allowing an attacker to inject and execute malicious javascript...

6.1CVSS6AI score0.00312EPSS

Exploits0References8Affected Software1

OSV•added 2022/07/16 12:0 a.m.•18 views

GHSA-FJ2W-QMJP-3RJM Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog

Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

6.1CVSS6AI score0.00312EPSS

Exploits0References8

Github Security Blog•added 2022/07/16 12:0 a.m.•34 views

Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog

Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

6.1CVSS5.8AI score0.00312EPSS

Exploits0References8Affected Software1

RubySec•added 2022/07/16 12:0 a.m.•14 views

XSS via `filename` parameter to New Page dialog

Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

6.1CVSS2.8AI score0.00312EPSS

Exploits0References1Affected Software1

NVD•added 2022/07/15 2:15 p.m.•18 views

CVE-2020-35305

Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

6.1CVSS0.00312EPSS

Exploits0References4

OSV•added 2022/07/15 2:15 p.m.•8 views

CVE-2020-35305

Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

6.1CVSS6.1AI score

Exploits0References4

Prion•added 2022/07/15 2:15 p.m.•16 views

Cross site scripting

Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

5.8CVSS6AI score0.00312EPSS

Exploits0References4Affected Software1

CVE•added 2022/07/15 1:40 p.m.•55 views

CVE-2020-35305

CVE-2020-35305 describes a Cross-site Scripting (XSS) vulnerability in gollum versions 5.0 through 5.1.2, exploitable via the filename parameter in the New Page dialog. The root cause is improper handling/escaping of user-supplied filename input that is rendered in the UI, enabling injection of m...

6.1CVSS6AI score0.00312EPSS

Exploits0References4Affected Software1

Cvelist•added 2022/07/15 1:40 p.m.•27 views

CVE-2020-35305

Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

6.1AI score0.00312EPSS

Exploits0References4

CNNVD•added 2022/07/15 12:0 a.m.•2 views

Gollum 跨站脚本漏洞

Gollum is a simple wiki system built on top of Git by Gollum. It has a good API and a native front-end. A security vulnerability exists in Gollum versions 5.0 through 5.1.2, which originates from cross-site scripting XSS in gollum via filename arguments to the New Page dialog box...

6.1CVSS5.9AI score0.00312EPSS

Exploits0References5

Github Security Blog•added 2018/08/28 10:33 p.m.•16 views

Gollum Exposure of Sensitive Information

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check...

4.3CVSS6.4AI score0.00472EPSS

Exploits0References7Affected Software1

OSV•added 2018/08/28 10:33 p.m.•15 views

GHSA-M2Q3-53FQ-7H66 Gollum Exposure of Sensitive Information

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check...

4.3CVSS6.4AI score0.00472EPSS

Exploits0References7

OSV•added 2017/11/16 1:47 a.m.•14 views

GHSA-Q97V-764G-R2RP gollum and gollum-lib allow remote authenticated users to execute arbitrary code

The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string master is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...

8.8CVSS8.8AI score0.01195EPSS

Exploits0References6

Github Security Blog•added 2017/11/16 1:47 a.m.•21 views

gollum and gollum-lib allow remote authenticated users to execute arbitrary code

8.8CVSS8.7AI score0.01195EPSS

Exploits0References6Affected Software2

RubySec•added 2017/11/16 12:0 a.m.•12 views

gollum and gollum-lib allow remote authenticated users to execute arbitrary code

8.8CVSS7AI score0.01195EPSS

Exploits0References1Affected Software1

RubySec•added 2017/11/16 12:0 a.m.•16 views

gollum and gollum-lib allow remote authenticated users to execute arbitrary code

8.8CVSS7AI score0.01195EPSS

Exploits0References1Affected Software1

Prion•added 2017/10/17 2:29 p.m.•17 views

Code injection

The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...

6.5CVSS7.9AI score0.01195EPSS

Exploits0References4Affected Software3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by