Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44971

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

8.2CVSS5.5AI score0.00198EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:43 p.m.19 views

CVE-2026-44971

CVE-2026-44971 affects GuardDog (CLI tool to identify malicious PyPI packages). From version 1.0.0 through 2.9.0, GuardDog’s remote project scanning path rewrites attacker-controlled repository URLs via a blind string replacement and then sends the caller’s GitHub credentials with the resulting r...

8.2CVSS5.8AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 2:45 p.m.30 views

GHSA-587R-MC96-6F2P GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration

Summary The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and...

8.2CVSS5.9AI score0.00198EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 2:45 p.m.14 views

GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration

Summary The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and...

8.2CVSS5.9AI score0.00198EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.6 views

JetBrains IntelliJ IDEA 安全漏洞

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2025.3, which stems from a missing validation step that could result in opening an untrusted...

5.4CVSS6.4AI score0.00088EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-9173

Malware in sbrugna...

6.5CVSS6.5AI score0.00545EPSS
Exploits0References3
Rows per page
Query Builder