EUVD-2019-13478

Malware in sbrugna...

CVE-2023-4378

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

Sorare: Mystery with a leaked token and Reusability of email confirmation link leading to Account Takeover

A vulnerability was discovered where leaked email confirmation links could be reused to gain access to a user's account without requiring a password. This was possible by modifying the token parameter in the URL of the expired confirmation link. An attacker who gains access to such a leaked link...

Elastic: Critical || Unrestricted access to private Github repos and properties of Elastic through leaked token of Elastic employee

@prateek0490 was able to gain access to private Github repositories through a leaked Github token on bitbucket. We confirmed this token was valid, and have rotated...

Grammarly: Employee's GitHub Token Found In Travis CI Build Logs

Our Security Team was notified by researchers who identified a valid leaked Github token in Travis CI logs that allow accessing a limited number of Grammarly repositories. We immediately revoked the token and conducted investigation together with the Github support team. Based on the available...

Algolia: An “algobot”-s GitHub access token was leaked

An access token of algobot account was first leaked 2015-12-02 in this Travis CI job log of instantsearch.js project due to incorrect handling of output from command git clone or a ghpages module to be more specific. Since then, the configuration of that project seems to have been changed not to...