1063 matches found
CVE-2025-62156
Argo Workflows (versions
CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...
Argo Workflows Path Traversal Vulnerability
Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A path traversal vulnerability exists in Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2, which stems from a Zip Slip path traversal vulnerability in the artifact...
PT-2025-41938
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions prior to 3.6.12; Argo Workflows versions 3.7.0 through 3.7.2. Description: Argo Workflows is a container-native workflow engine for Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact...
Argo Workflows Security Vulnerability
Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2, which stems from workflow-controller pod logs exposing workware repository credentia...
Use of Hard-coded Credentials
Overview: Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the reviewbot component. An attacker can gain unauthorized access to repository workflows by sending crafted webhook requests using a known, hard-coded secret. This allows triggering of automated review...
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.go#L59 The value used for the secret token was compiled into t...
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Summary: Due to unsafe URL handling, bbot's git_clone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact: A user who has placed their github.com API key in the configuration for any of the following modules: github_codesearch, github_workflows, gitlab, git_clone...
GHSA-63WH-P5FX-H4VC BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Summary: Due to unsafe URL handling, bbot's git_clone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact: A user who has placed their github.com API key in the configuration for any of the following modules: github_codesearch, github_workflows, gitlab, git_clone...
No Time to Waste: Embedding AI to Cut Noise and Reduce Risk
Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and...
EUVD-2009-1079
Malware in sbrugna...
EUVD-2021-1738
Malware in sbrugna...
EUVD-2021-0202
Malware in sbrugna...
EUVD-2018-0823
Malware in sbrugna...
EUVD-2017-14102
Malware in sbrugna...
EUVD-2025-17467
Malicious code in bioql PyPI...
EUVD-2025-17466
Malicious code in bioql PyPI...
EUVD-2022-3599
Malicious code in bioql PyPI...
EUVD-2025-14755
Malicious code in bioql PyPI...
EUVD-2025-10498
Malicious code in bioql PyPI...