8 matches found
MAL-2026-4451 Malicious code in @tailwind-core/vite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f9a00740b85c3ce7b36a9ba242f3eccc9ebf3d4f626ab911342c50d63b48805 The package name @tailwind-core/vite impersonates the official @tailwindcss/vite plugin from tailwindlabs, and its package.json declares three...
Mintlify 安全漏洞
Mintlify is an AI-powered documentation platform from US-based Mintlify. A security vulnerability exists in versions of Mintlify prior to 2025-11-15, which stems from not validating the repository owner in the GitHub Integration API, potentially leading to the disclosure of sensitive information...
Design/Logic Flaw
kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the config.json file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious...
git: Bypass of safe.directory protections
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by...
Medium: git
Issue Overview: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be...
GitLab: Persistent XSS via e-mail when creating merge requests
Summary: The vulnerability consists in the ability to create branch names that contain characters such as /. This branch name is sent via e-mail which is rendered as HTML. Description: One way to exploit this is by forking a repository. Then an attacker would create a branch called alert1 and mak...
Starbucks: Information Leak - Github - JMS Information
Hi, After some research, I found a leak on GitHub that might lead to accessing sensitive data of employees or clients not sure based on the code. There is also a SAP S-user to access a cloud based HANA service. I have not confirmed what kind of data is in there to avoid potential legal issues. I...
git -- gitweb privilege escalation
Git maintainers report: gitweb has a possible local privilege escalation bug that allows a malicious repository owner to run a command of his choice by specifying diff.external configuration variable in his repository and running a crafted gitweb query...