CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

CVE-2021-22206

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,...

CVE-2024-41126

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The...

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

SUSE CVE-2025-68940

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

PT-2026-1508

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.20 GitHub Enterprise Server versions 3.14.20 GitHub Enterprise Server versions 3.15.15 GitHub Enterprise Server versions 3.16.11 GitHub Enterprise Server versions 3.17.8 GitHub Enterprise Server...

BIT-GITEA-2025-68940

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

BIT-PEBBLE-2024-3250

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

Understanding Security Risks of AI Agents' Dependency Updates

Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct...

Unity Linux 20.1060a Security Update: kernel (UTSA-2025-992874)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992874 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back t...

GO-2025-4267 Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea...

Unity Linux 20.1060e Security Update: kernel (UTSA-2025-992680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992680 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back t...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992200)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992200 advisory. In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail can have some...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992249)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992249 advisory. In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail can have some...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/services/repository to version 1.22.5...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/services/repository to version 1.22.5 or...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/routers/web/repo to version 1.22.5 or...