218 matches found
EUVD-2023-54186
Malicious code in bioql PyPI...
EUVD-2024-32572
Malicious code in bioql PyPI...
EUVD-2025-4201
Malicious code in bioql PyPI...
EUVD-2025-2071
Malicious code in bioql PyPI...
Mozilla: User Can Delete Other Users' Personal Access Tokens at /delete-token/{token_id}/ on Mozilla Pontoon
A vulnerability was discovered in the Mozilla Pontoon application that allowed users to delete other users' personal access tokens at the /delete-token/tokenid/ endpoint without proper permission checks. The vulnerability was caused by the absence of user permission verification in the deletetoke...
Linux Distros Unpatched Vulnerability : CVE-2024-8114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an...
Linux Distros Unpatched Vulnerability : CVE-2024-12379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an...
m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
Summary The steam-workshop-deploy github action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory e.g., due to a local Git repo, custom project structure, or via the actions/checkout...
GHSA-X6GV-2RVH-QMP6 m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
Summary The steam-workshop-deploy github action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory e.g., due to a local Git repo, custom project structure, or via the actions/checkout...
PT-2025-34541 · Github Actions · Boldestdungeon/Steam-Workshop-Deploy +1
Summary The steam-workshop-deploy github action does not exclude the .git directory when packaging content for deployment and provides no built-in way to do so. If a .git folder exists in the target directory e.g., due to a local Git repo, custom project structure, or via the actions/checkout...
gimmePATz - GitHub Personal Access Token (PAT) Recon Tool 1.0.0
gimmePatz is a recon tool for GitHub PATs. Designed for bug bounty hunters, pentesters and red teams. gimmePatz will tell you what scopes a PAT has, and it will tell you what repositories or GitHub Organizations the PAT is attached to as well...
CVE-2025-53624
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
Sensitive Information Exposure
docusaurus-plugin-content-gists is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of configuration options that include GitHub Personal Access Tokens, which are inadvertently embedded into client-side JavaScript bundles during the production build,...
GHSA-QF34-QPR4-5PPH docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2025-53624
The CVE-2025-53624 entry concerns the Docusaurus plugin docusaurus-plugin-content-gists. Versions prior to 4.0.0 are vulnerable because a GitHub Personal Access Token passed via plugin configuration could be exposed in production build artifacts, embedding the token in client-side JavaScript bund...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
SUSE CVE-2025-3230
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previous...
Mattermost Server 9.11.x < 9.11.13 / 10.5.x < 10.5.4 / 10.6.x < 10.6.3 / 10.7.1 Multiple Vulnerabilities (MMSA-2025-00458, MMSA-2025-00463, MMSA-2025-00467)
The version of Mattermost Server installed on the remote host is prior to 9.11.13, 10.5.4, 10.6.3, or 10.7.0. It is, therefore, affected by multiple vulnerabilities as referenced in the MMSA-2025-00458, MMSA-2025-00463, MMSA-2025-00467 advisories. - Mattermost versions 10.7.x = 10.7.0, 10.6.x =...
Incorrect Implementation of Authentication Algorithm
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm. due to the improper invalidation of personal access tokens. An attacker can maintain access...