Lucene search
K

17 matches found

The Hacker News
The Hacker News
added 2026/05/21 4:27 a.m.54 views

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code VS Code extension. The development comes as the Nx team revealed that the extensio...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/20 9:7 p.m.40 views

Investigation update: GitHub Enterprise Server signing key rotation

May 26, 2026 : GitHub recently detected a cyber-attack and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. It's important to note that this investigation is still ongoing, and we will continue to...

5.8AI score
Exploits0
Circl
Circl
added 2026/05/20 7:7 p.m.9 views

GHSA-C9J4-9M59-847W

creationtimestamp| type| source ---|---|--- 2026-05-20 19:07:38+00:00| seen| https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/ 2026-05-21 10:45:20+00:00| seen| https://bsky.app/profile/tech-trending.bsky.social/post/3mmeahvo27p2m 2026-05-21...

5.8AI score
Exploits0References3
The Hacker News
The Hacker News
added 2026/05/20 11:38 a.m.26 views

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact to customer...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 5:12 a.m.15 views

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along wi...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-46965

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00514EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/07/17 9:1 p.m.17 views

CVE-2025-6981

An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of...

5.3CVSS6.9AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2025/07/15 9:15 p.m.22 views

CVE-2025-6981

An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of...

5.3CVSS0.00254EPSS
Exploits0References4
CVE
CVE
added 2025/07/15 8:44 p.m.37 views

CVE-2025-6981

CVE-2025-6981 describes an incorrect authorization vulnerability in GitHub Enterprise Server that allowed unauthorized read access to internal repositories for contractor accounts when the Contractors API feature was enabled. The issue affected all versions prior to 3.18 and has been fixed in ver...

5.3CVSS6.2AI score0.00254EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/07/15 12:0 a.m.5 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

5.3CVSS6.4AI score0.00254EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.8 views

CVE-2024-5817

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability...

6.5CVSS6.6AI score0.00514EPSS
Exploits0References1
NVD
NVD
added 2024/07/16 10:15 p.m.30 views

CVE-2024-5817

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability...

6.5CVSS0.00514EPSS
Exploits0References5
OSV
OSV
added 2024/07/16 10:15 p.m.6 views

CVE-2024-5817

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability...

6.5CVSS5.8AI score0.00514EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.6 views

PT-2024-37179 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An Incorrect Authorization issue was identified in GitHub Enterprise Server, allowing read access to issue content via GitHub Projects. This issue was only exploitable in internal...

6.5CVSS7AI score0.00514EPSS
Exploits0References9
Hacker One
Hacker One
added 2024/05/11 3:4 a.m.21 views

GitHub: Access body and title of Internal Repo Issues in Projects

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and...

5.9CVSS6.2AI score0.00514EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.7 views

PT-2023-31438 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.12 through 16.2.7 GitLab versions 16.3 through 16.3.4 Description: A critical vulnerability in GitLab allows attackers to run pipelines as other users, potentially granting access to internal repositories and closed project...

6.9AI score
Exploits0References15
Veracode
Veracode
added 2021/09/09 4:49 a.m.16 views

Privilege Escalation

centraldogma-server is vulnerable to privilege escalation. A user with file managing privileges of the project is able to mirror to internal repositories...

8.8CVSS3AI score0.0089EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder