
10 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-23202

Malicious code in bioql PyPI...

CVSS 7.1, AI score 6.3, EPSS 0.00227
Exploits 1, References 5
NVD
added 2025/07/30 10:15 p.m., 3 views

CVE-2025-54586

GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...

CVSS 7.1, EPSS 0.00227
Exploits 1, References 4
Snyk
added 2025/07/30 9:45 p.m., 2 views

Information Exposure

Overview: @finos/git-proxy is a Deploy custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Information Exposure due to a lack of checking for hidden commits. An attacker can access sensitive repository data by injecting additional commits that ar...

CVSS 7.1, AI score 6.6, EPSS 0.00227
Exploits 1, References 2
Vulnrichment
added 2025/07/30 9:14 p.m., 1 views

CVE-2025-54586 GitProxy is susceptible to a hidden commits injection attack

GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...

CVSS 7.1, AI score 6.2, EPSS 0.00227
Exploits 1, References 4
CVE
added 2025/07/30 9:14 p.m., 13 views

CVE-2025-54586

GitProxy

CVSS 7.1, AI score 6.3, EPSS 0.00227
Exploits 1, References 4, Affected Software 1
Cvelist
added 2025/07/30 9:14 p.m., 6 views

CVE-2025-54586 GitProxy is susceptible to a hidden commits injection attack

GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visib...

CVSS 7.1, EPSS 0.00227
Exploits 1, References 4
OSV
added 2025/07/30 4:40 p.m., 2 views

GHSA-V98G-8RQX-G93G GitProxy Hidden Commits Injection

Summary: An attacker can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visible history, GitHub still serves them at their direct commit URLs. This lets an attacker exfiltrate...

CVSS 7.1, AI score 6.7, EPSS 0.00227
Exploits 1, References 6
Github Security Blog
added 2025/07/30 4:40 p.m., 6 views

GitProxy Hidden Commits Injection

Summary: An attacker can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visible history, GitHub still serves them at their direct commit URLs. This lets an attacker exfiltrate...

CVSS 7.1, AI score 6.7, EPSS 0.00227
Exploits 1, References 6, Affected Software 1
Positive Technologies
added 2025/07/30 12:0 a.m., 4 views

PT-2025-31448 · Gitproxy · Git-Proxy

Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below
Description: GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. Attackers can inject extra commits into the pack sent to GitHub, commits that are not...

CVSS 7.1, AI score 6.2, EPSS 0.00227
Exploits 1, References 12
RedhatCVE
added 2025/05/22 8:13 p.m., 0 views

CVE-2021-39908

In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code...

CVSS 7.5, AI score 7.1, EPSS 0.0018
Exploits 0, References 1