17 matches found
GO-2026-4388 Juju has broken CMR authorization in github.com/juju/juju
Juju has broken CMR authorization in github.com/juju/juju...
EUVD-2021-2404
Malware in sbrugna...
EUVD-2021-2304
Malware in sbrugna...
EUVD-2023-12494
Malicious code in bioql PyPI...
EUVD-2023-12677
Malicious code in bioql PyPI...
EUVD-2022-52996
Malicious code in bioql PyPI...
EUVD-2022-25200
Malicious code in bioql PyPI...
CVE-2022-1511
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4...
tough cyclic delegation graphs are not detected
Summary: In a TUF repository, the targets role's signature indicates which target files are trusted by clients. The role can delegate full or partial trust to other roles, meaning that the delegated role is trusted to sign target file metadata. Delegated roles can further delegate trust to other delegated...
GO-2022-0483 Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs
Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs...
CVE-2022-36069 Poetry Argument Injection vulnerability can lead to local Code Execution
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...
Cross-site Scripting vulnerability in repository issue list in Gogs
Impact: DisplayName allows all the characters from users, which leads to an XSS vulnerability when directly displayed in the issue list. Patches: DisplayName is sanitized before being displayed. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds: Check and update the existing users...
GHSA-XQ4V-VRP9-VCF2 Cross-site Scripting vulnerability in repository issue list in Gogs
Impact: DisplayName allows all the characters from users, which leads to an XSS vulnerability when directly displayed in the issue list. Patches: DisplayName is sanitized before being displayed. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds: Check and update the existing users...
CVE-2022-31038 XSS vulnerability in repository issue list in Gogs
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...
GHSA-GJRJ-9RJ4-PGWX DoS Vulnerability from Upstream Actix Web Issues
Impact: This vulnerability affects all users of the perseus deploy functionality who have not exported their sites to static files. If you are using the inbuilt Perseus server in production, there is a memory leak in Actix Web stemming from this upstream issue which can allow even a single user to...
PT-2021-22374 · Octorpki +1
Name of the Vulnerable Software and Affected Versions: OctoRPKI, affected versions not specified. Description: The issue allows for a slowloris DoS attack to take place, making OctoRPKI wait forever. This occurs because OctoRPKI does not limit the length of a connection. Specifically, the repositor...
Space not freed up after force-canceling a task
When editing a layer or publishing an image, you see extra space consumed in the "Layering Service" Local Storage normally. You attempt to cancel the operation, but the task does not cancel. Eventually after 60 minutes the cancel operation gets to the Stalled state, allowing you to force-cancel t...