PT-2026-24363
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.14.24 through 3.19.3. Description: An improper authorization issue was found in GitHub Enterprise Server. A user with read access to a repository and write access to a project could modify issue and pull reque...
Information Disclosure
github.com/canonical/lxd is vulnerable to an Information Disclosure. The vulnerability is due to differing HTTP status code responses in the Images API, where improper project existence handling allows unauthenticated remote attackers to infer whether a target project exists, enabling unintended...
MAL-2025-157178 Malicious code in jurss-gasd-as10as (npm)
Source: amazon-inspector e115af794b2394611505c7949e9641e6644fcbe1add0f10c40c46492b75f09aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-141004 Malicious code in concurrently-deimos-scorpius-kaus (npm)
Source: amazon-inspector 417930b3a430052e342e5f69a99cbf6ba77c60440316b9ce057c1d09105f7c73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oktafian-bika19-riris (npm)
Source: amazon-inspector 8d2d23a762fa109007e9ef4d462af47d510e29d66b77758f1adffcb68e4d8877 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125539 Malicious code in close_shrew_z3n (npm)
Source: amazon-inspector 6955629d35c426a0fdaee25339af0cbc2577b6bbd068de90a76214ddb0b115f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2020-29665
Malware in sbrugna...
CVE-2017-15199
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions...
SUSE CVE-2013-3703
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data...
CVE-2022-2227
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions...
UBUNTU-CVE-2022-2227
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions...
Design/Logic Flaw
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...
CVE-2020-8817
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...