7 matches found
CVE-2026-52812
CVE-2026-52812 affects Gogs (open source self-hosted Git service) prior to 0.14.3. The vulnerability stems from a dedupe path in LFS storage: when an OID file already exists on disk, serveUpload bypasses hash verification and inserts a new per-repo binding (repo_id, oid) without confirming that t...
Malicious code in create-docs-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...
CVE-2021-22865
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...
CVE-2025-8447
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the...
CVE-2021-22167
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository...
in cythron/tweango
✍️ Description The Django secret key was hard coded in the Github repository which is vulnerable as https://huntr.dev/bounties/1-other-cythron/Tweango/ accordingly. Since the GitHub public API monitor every single git commit that is made, attacker can still find the key from commit lists. = It is...
CVE-2021-22865
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...