24 matches found
Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study
Automated detection of vulnerability-fixing commits (VFCs) is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive evaluation of code language model based VFC detection...
EUVD-2023-0027
Malicious code in bioql PyPI...
EUVD-2025-12986
Malicious code in bioql PyPI...
EUVD-2025-20291
Malicious code in bioql PyPI...
EUVD-2025-19810
Malicious code in bioql PyPI...
PatchSeeker: Mapping NVD Records to Their Vulnerability-Fixing Commits with LLM Generated Commits and Embeddings
Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database (NVD) is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding Vulnerability-Fixing Commits (VFCs). VFCs encode precise code...
CVE-2025-38305
In the Linux kernel, the following vulnerability has been resolved: ptp: remove ptp-nvclocks check logic in ptpvclockinuse There is no disagreement that we should check both ptp-isvirtualclock and ptp-nvclocks to check if the ptp virtual clock is in use. However, when we acquire ptp-nvclocksmux t...
CVE-2025-21899 tracing: Fix bad hist from corrupting named_triggers list
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands causes a crash: cd /sys/kernel/tracing/events/rcu/rcucallback echo 'hist:name=bad:keys=commonpid:onmaxbogus.savecommonpid' trigger bash: echo: write...
CVE-2022-49307 tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
In the Linux kernel, the following vulnerability has been resolved: tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() When the driver fails at allochdlcdev, and then we remove the driver module, we will get the following splat: 25.065966 general protection fault, probably for non-canonic...
CVE-2024-45340
Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file...
CVE-2024-26652 net: pds_core: Fix possible double free in error handling path
In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliarydeviceadd returns error and then calls auxiliarydeviceuninit, Callback function pdscauxbusdevrelease calls kfreepadev to free memory. We shouldn't call...
_writeCheckpoint not working correctly if oldCheckpoint.fromBlock == block.number
Lines of code Vulnerability details Impact function writeCheckpoint uint256 toTokenId, uint256 nCheckpoints, uint256 memory delegatedTokenIds internal requiredelegatedTokenIds.length 0 && oldCheckpoint.fromBlock == block.number oldCheckpoint.delegatedTokenIds = delegatedTokenIds; else...
domain.com Cross Site Scripting vulnerability OBB-2142979
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| domain.com ---|--- Open Bug Bounty...
bituruna.pr.gov.br Cross Site Scripting vulnerability OBB-2058262
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| bituruna.pr.gov.br ---|--- Open Bug...
All Vulnerabilities for maannews.net Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| maannews.net ---|--- Open Bug Bounty...
clickdimensions.com Improper Access Control vulnerability OBB-1408465
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
bankwithunited.com Improper Access Control vulnerability OBB-1377751
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
advertiser.ie Improper Access Control vulnerability OBB-1366764
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
cevennes-tourisme.fr XSS vulnerability
Open Bug Bounty ID: OBB-693679 Description| Value ---|--- Affected Website:| cevennes-tourisme.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
standrewsmethodisthalifax.org.uk XSS vulnerability
Open Bug Bounty ID: OBB-451884 Description| Value ---|--- Affected Website:| standrewsmethodisthalifax.org.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6....