Decidim cross-site scripting vulnerability
Decidim is an open source participatory democracy framework written in Ruby on Rails. A cross-site scripting (XSS) vulnerability exists in Decidim versions 0.27.7 and earlier, which stems from the use of version control functionality that may be vulnerable to cross-site scripting...
Sentry improperly authorizes muting of alert rules
Impact An authenticated user can mute alert rules from arbitrary organizations and projects given a known rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by...
ZITADEL has improper HTML sanitization in emails and Console UI
Impact ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker,...
ROS-20240730-06
A vulnerability in the Git distributed version control system is related to the ability to create the folder "C:.git." Exploitation of the vulnerability could allow an attacker to run arbitrary commands...
CVE-2024-38519
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...
CGA-H5MH-GQ4V-54J6
Bulletin has no description...
composer security vulnerability
composer is a software application that manages and installs dependencies for PHP projects. A security vulnerability exists in composer versions prior to 2.2.24 and 2.7.7, which stems from the fact that the composer install command run from a git/hg repository with a speciall...
CGA-GCX2-V78G-8R3P
Bulletin has no description...
ROS-20240527-04
A vulnerability in the Git distributed version control system exists due to a process control issue. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when cloning specially crafted local repositories...
GitLab 10.2 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-13352)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from a private to a public group. Affected versions are: =10.2, =13.4, =13.5, =10.2, =13.4, =13.5,...
CVE-2024-4183
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...
CVE-2024-30204 affecting package emacs for versions less than 29.3
CVE-2024-30204 affecting package emacs for versions less than 29.3. A patched version of the package is available...
[SECURITY] Fedora 40 Update: gitit-0.15.1.1-6.fc40
Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line tools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...
Security Posture Management for GitHub: spotting and fixing risks in your GitHub organization just got a lot easier
Wiz SPM for version control systems helps you find and fix risks in your GitHub instance...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2024-29199 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-29199 Source advisory: OSV:GHSA-M732-WVH2-7CQ4...
Fedora: Security Advisory for subversion (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the subversion package...
Fedora: Security Advisory for jgit (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the jgit package...
[SECURITY] Fedora 40 Update: subversion-1.14.3-5.fc40
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
[SECURITY] Fedora 40 Update: jgit-6.1.0-9.fc40
A pure Java implementation of the Git version control system and command line interface...
BIT-DISCOURSE-2022-36068 Discourse moderators can edit themes via the API
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in...