35 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...
CVE-2026-44740
A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...
CVE-2026-52812 Gogs: LFS dedupe path leaks private repo content across tenants
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid r...
AlmaLinux 10 : libsolv (ALSA-2026:28236)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28236 advisory. libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums CVE-2026-9150 libsolv: Heap buffer overfl...
Malicious code in sendgrid-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08f1d48bc557c6afa69c74455fe35f34ed0992082dc30fc09d032523d2329f63 Package impersonates the official SendGrid npm packages @sendgrid/ but ships no SDK functionality — index.js exports an empty object. Its sole purpos...
Malicious code in create-docs-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...
MAL-2026-4670 Malicious code in skills-detector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via childprocess.execSync, collects os.hostname, os.platform, current working directory, and th...
Malicious code in svharness (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3aef9a7535c16df930fdb10e5b60773f5ba2e0a8cd102d53a4cc3da122cfd473 When the documented svharness build --baseline or svharness wizard command is run, the tool's default 'tasks' wiki mode scans and bundles the caller'...
PT-2026-41959
Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description A path validation issue allows crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. This occurs because the software drifted from...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : FORT Validator vulnerabilities (USN-7813-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7813-1 advisory. Niklas Vogel and Haya Schulmann discovered that FORT Validator did not perform proper input validation when parsing certain RPKI...
USN-7813-1: FORT Validator vulnerabilities
Niklas Vogel and Haya Schulmann discovered that FORT Validator did not perform proper input validation when parsing certain RPKI repository data. A remote attacker could possibly use this issue to cause FORT Validator to crash, resulting in a denial of service. CVE-2024-45234, CVE-2024-45235,...
EUVD-2014-0519
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-22200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal...
ManageEngine DataSecurity Plus Xnode Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DataSecurity Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode...
PT-2024-18414
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server versions 3.8.15 and earlier GitHub Enterprise Server versions 3.9.10 and earlier GitHub Enterprise Server versions 3.10.7 and earlier GitHub Enterprise Server versions...
The vulnerability of the application software interface of the Cisco DNA Center allows a hacker to read and modify data in its internal repository.
The vulnerability of the Cisco DNA Center’s application programming interface is related to errors in access management. Exploiting this vulnerability allows a malicious actor to remotely read and modify data in the internal repository by sending specially crafted API requests...
Cross site scripting
Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...
DEBIAN-CVE-2021-43173
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...
GitLab安全漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab...