Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-23193

Malicious code in bioql PyPI...

7CVSS6.3AI score0.00227EPSS
Exploits1References5
Snyk
Snykadded 2025/07/30 8:43 p.m.1 views

Misinterpretation of Input

Overview @finos/git-proxy is a Deploy custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Misinterpretation of Input via the parsePush.ts file. An attacker can bypass approval mechanisms or hide commits by crafting a malicious Git packfile that...

7CVSS6.8AI score0.00227EPSS
Exploits1References2
NVD
NVDadded 2025/07/30 8:15 p.m.2 views

CVE-2025-54584

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...

7CVSS0.00227EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2025/07/30 4:40 p.m.5 views

GitProxy Backfile Parsing Exploit

Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...

7CVSS7.4AI score0.00227EPSS
Exploits1References6Affected Software1
OSV
OSVadded 2025/07/30 4:40 p.m.2 views

GHSA-XXMH-RF63-QWJV GitProxy Backfile Parsing Exploit

Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...

7CVSS7.4AI score0.00227EPSS
Exploits1References6
Rows per page
Query Builder