13 matches found
CVE-2021-47987
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...
PT-2026-45483
Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...
EUVD-2026-22214
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
BIT-GRADLE-2026-22816 Gradle fails to disable repositories which can expose builds to malicious artifacts
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
Malicious code in wide_raccoon_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01f6bd6801d61369281bdfee656f3a248745bc924f3a17d40978ea7f2fd5a4bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2014-9743
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-32004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in su...
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
CVE-2025-31479
canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...
GHSA-W32M-9786-JP63
creationtimestamp| type| source ---|---|--- 2025-02-25 19:44:55+00:00| seen| https://gist.github.com/ruokun-niu/25de36e2d9507c94536ff4058d807551...
GHSA-7G97-7R3C-5CC6 In Quarkus, git credentials could be inadvertently published
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk...
CVE-2024-1979
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk...
CVE-2024-1979
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk. Mitigation Ensure that at least one of the preconditions is not present in your environment...