9 matches found

NVD
added 2026/06/24 9:16 p.m., 6 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

CVSS 4.3, EPSS 0.00168
Exploits: 0, References: 2
SUSE CVE
added 2026/03/28 12:25 a.m., 5 views

SUSE CVE-2026-33353

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

CVSS 7.1, AI score 5.8, EPSS 0.00364
Exploits: 1, References: 3
CNNVD
added 2026/03/24 12:0 a.m., 8 views

Soft Serve security vulnerability

Soft Serve is a self-hosted command-line Git server developed by Charm. Versions of Soft Serve from 0.6.0 to 0.11.6 contained security vulnerabilities. These vulnerabilities were due to an authorization flaw in repository imports, which allowed any authenticated SSH user to clone the server’s loc...

CVSS 7.1, AI score 6.4, EPSS 0.00364
Exploits: 1, References: 3
OSV
added 2026/03/19 7:27 p.m., 7 views

GHSA-XGXP-F695-6VRP In Soft Serve, an authenticated repo import can clone server-local private repositories

Summary An authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. This breaks the private-repository confidentiality boundary and should be treated as High severity...

CVSS 7.1, AI score 5.9, EPSS 0.00364
Exploits: 1, References: 5
Snyk
added 2025/07/20 9:0 p.m., 3 views

Embedded Malicious Package

Overview @toptal/picasso-select is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

CVSS 9.8, AI score 7.4
Exploits: 0, References: 2
CNNVD
added 2024/03/21 12:0 a.m., 3 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server, which stems from the presence ...

CVSS 6.5, AI score 6.8, EPSS 0.00606
Exploits: 0, References: 6
SonarSource Blog
added 2022/02/24 12:0 a.m., 26 views

Review your security vulnerabilities in GitHub with code scanning alerts

Today, for GitHub repositories, our SAST analysis provides fast, precise security feedback directly inside your pull requests. You instantly know how many vulnerabilities are detected and, until now, you would systematically go to SonarCloud to start investigating. Not anymore. From this point...

AI score 7.6
Exploits: 0
Hacker One
added 2021/07/16 4:48 p.m., 26 views

Elastic: Critical || Unrestricted access to private Github repos and properties of Elastic through leaked token of Elastic employee

@prateek0490 was able to gain access to private Github repositories through a leaked Github token on bitbucket. We confirmed this token was valid, and have rotated...

AI score 2.1
Exploits: 0
OSV
added 2020/09/15 1:15 p.m., 2 views

UBUNTU-CVE-2020-13303

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project...

CVSS 7.1, AI score 5.8, EPSS 0.01164
Exploits: 0, References: 3