Lucene search
+L
GithubRecent

33426 matches found

Github Security Blog
Github Security Blog
added 2025/09/29 8:40 p.m.10 views

go-f3 module vulnerable to integer overflow leading to panic

Impact Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" messages. A "poison" message can can cause integer overflow in the signer index validation. In Lotus' case, the whole node will crash. There is no barrier to entry. An attacker doesn't need any...

7.5CVSS7.2AI score0.00312EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/29 8:40 p.m.10 views

go-f3 Vulnerable to Cached Justification Verification Bypass

Description A vulnerability exists in go-f3's justification verification caching mechanism where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by: 1. First submitting a valid message with a correct...

6.5CVSS7AI score0.00223EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/29 5:53 p.m.10 views

MinIO Java Client XML Tag Value Substitution Vulnerability

Description In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including...

8.7CVSS6.6AI score0.00458EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/29 5:51 p.m.10 views

j178/prek-action vulnerable to arbitrary code injection in composite action

Summary There are three potential attacks of arbitrary code injection vulnerability in the composite action at action.yml. Details The GitHub Action variables inputs.prek-version, inputs.extraargs, and inputs.extra-args can be used to execute arbitrary code in the context of the action. PoC yaml ...

8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/29 4:29 p.m.12 views

mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders

Impact CWE-20: Improper Input Validation Low impact Patches Patched in v7.1.8 commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915 Workarounds No...

6.5CVSS6.9AI score0.00318EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/29 4:28 p.m.8 views

go-mail has insufficient address encoding when passing mail addresses to the SMTP client

Impact Due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, this could lead to a possible wrong address routing or even to ESMTP parameter smuggling. Vulnerability details Instead ...

9.1CVSS7.2AI score0.00505EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/29 4:28 p.m.5 views

vet MCP Server SSE Transport DNS Rebinding Vulnerability

SafeDep vet is vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. To exploit this vulnerability following conditions must be met: 1. A vet scan is executed and reports are saved as sqlite3 database 2. A vet MCP server is running on default port with SSE...

2.1CVSS6.7AI score0.0038EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/29 3:0 p.m.7 views

CodeQL zero to hero part 5: Debugging queries

When you're first getting started with CodeQL, you may find yourself in a situation where a query doesn't return the results you expect. Debugging these queries can be tricky, because CodeQL is a Prolog-like language with an evaluation model that's quite different from mainstream languages like...

7.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/27 6:30 p.m.14 views

llama-index-core insecurely handles temporary files

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

7.3CVSS6.9AI score0.00134EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/27 6:30 a.m.10 views

algoliasearch-helper is vulnerable to Prototype Pollution in _merge()

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...

7.5CVSS7.2AI score0.00482EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/27 6:30 a.m.15 views

github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

7.5CVSS6.9AI score0.00421EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 9:30 p.m.11 views

PiranhaCMS stored XSS

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser...

6.8CVSS6.5AI score0.00298EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:32 p.m.10 views

OpenMLS improper persistence of the secret tree during message processing

Summary A bug in the OpenMLS library prevented private key material from being updated in storage during message processing. The key material in question are the keys stored in the MLS secret tree, which are used for decryption of private MLS messages. The effects of the bug are limited in scope,...

6.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:30 p.m.8 views

Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7vm2-j586-vcvc. This link is maintained to preserve external references. Original Description A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or...

5.7CVSS6.6AI score0.00298EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:0 p.m.11 views

kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace

Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...

6.9AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:0 p.m.10 views

Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass

Impact A Cross-Site Request Forgery CSRF vulnerability was identified in Apollo’s Embedded Sandbox and Embedded Explorer. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the...

8.2CVSS7.4AI score0.00149EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/26 3:0 p.m.5 views

Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives

October marks Cybersecurity Awareness Month, a time when the developer community reflect on the importance of security in the evolving digital landscape. At GitHub, we understand that protecting the global software ecosystem relies on the commitment, skill, and ingenuity of the security research...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/26 2:38 p.m.10 views

express-xss-sanitizer has an unbounded recursion depth

Security Advisory: express-xss-sanitizer Overview A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. Affected Versions - All versions prior to 2.0.1 Patched Versions - 2.0.1 and later Description The sanitize...

5.3CVSS7.2AI score0.00419EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 2:27 p.m.7 views

get-jwks: poisoned JWKS cache allows post-fetch issuer validation bypass

Summary A vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. Details When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an unexpected issuer to be reused, resulting in a bypass of issuer...

9.4CVSS6.7AI score0.00372EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 2:26 p.m.10 views

JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves...

4.3CVSS6.8AI score0.0021EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 1:2 p.m.9 views

Rancher update on users can deny the service to the admin

Impact A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts. Specifically: - Username takeover: A user wit...

7.6CVSS6.6AI score0.00453EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 1:2 p.m.9 views

Rancher CLI SAML authentication is vulnerable to phishing attacks

Impact A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens. Rancher Manager...

8CVSS6.8AI score0.00217EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 1:2 p.m.7 views

Rancher sends sensitive information to external services through the `/meta/proxy` endpoint

Impact A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses. If...

4.7CVSS7AI score0.00334EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 1:1 p.m.13 views

Argument injection vulnerability in SonarQube Scan Action

A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...

7.7CVSS7.5AI score0.01507EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 9:31 a.m.6 views

WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

5.3CVSS6.8AI score0.00234EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 9:31 a.m.8 views

Apache Airflow: Connection sensitive details exposed to users with READ permissions

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...

6.5CVSS6.5AI score0.00903EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 6:30 a.m.5 views

Duplicate Advisory: Open Babel has out-of-bounds read in PQS lowerit (pre-buffer read)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m982-7q3h-r784. This link is maintained to preserve external references. Original Description A vulnerability was determined in Open Babel up to 3.1.1. This affects the function PQSFormat::ReadMolecule of the fi...

5.5CVSS5.4AI score0.00189EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:31 a.m.7 views

Duplicate Advisory: Open Babel has NULL pointer dereference in CACAO CacaoFormat::SetHilderbrandt

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-55j6-rjhx-hwfh. This link is maintained to preserve external references. Original Description A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrand...

5.5CVSS5.3AI score0.00188EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:31 a.m.8 views

Duplicate Advisory: Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j35x-w4gj-pf7w. This link is maintained to preserve external references. Original Description A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles o...

7.8CVSS6.2AI score0.00224EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:31 a.m.7 views

Duplicate Advisory: Open Babel has NULL pointer dereference in ChemKinFormat::ReadReactionQualifierLines

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j9pp-7wfg-q7fj. This link is maintained to preserve external references. Original Description A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function...

5.5CVSS5.2AI score0.00187EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:31 a.m.6 views

Duplicate Advisory: Open Babel has heap buffer overflow in ChemKin ChemKinFormat::CheckSpecies

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8wq6-qh76-wpv9. This link is maintained to preserve external references. Original Description A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file...

7.8CVSS6.2AI score0.00224EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:31 a.m.8 views

Duplicate Advisory: Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pp85-5j63-xpq3. This link is maintained to preserve external references. Original Description A weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule ...

7.8CVSS5.9AI score0.00196EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 3:31 a.m.8 views

Duplicate Advisory: Open Babel has out-of-bounds write (overlapping memcpy) in zipstream basic_unzip_streambuf::underflow

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8j3x-m868-cpw8. This link is maintained to preserve external references. Original Description A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function...

7.8CVSS5.7AI score0.00202EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/26 12:31 a.m.10 views

Hutool allows remote code execution (RCE) via the QLExpressEngine class

An issue was discovered in chinabugotech hutool before 5.8.40 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...

6.5CVSS8.7AI score0.00315EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/25 9:30 p.m.9 views

Liferay Portal and DXP vulnerable to a memory leak

A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions...

7.5CVSS6.9AI score0.00312EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/25 6:30 p.m.7 views

ml-logger file handler allows reading arbitrary files

A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...

6.9CVSS6.7AI score0.0034EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/25 4:39 p.m.10 views

Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters

Summary Rack::QueryParser in version 2.2.18 enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Details The issue arises...

7.5CVSS6.8AI score0.00535EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/25 4:39 p.m.9 views

Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning

Impact A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...

9.9CVSS9.1AI score0.00477EPSS
Exploits0References12Affected Software4
Github Security Blog
Github Security Blog
added 2025/09/25 3:30 p.m.11 views

ml-logger has path traversal in the file argument

A vulnerability was identified in geyang ml-logger 0.10.36 and prior. Affected by this vulnerability is the function loghandler of the file mllogger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly...

7.5CVSS7AI score0.00558EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/25 3:30 p.m.9 views

cors-anywhere vulnerable to server-side request forgery

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...

9.5CVSS8.5AI score0.01005EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/25 3:30 p.m.9 views

apidoc-core is vulnerable to prototype pollution

apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial ...

7.5CVSS6.8AI score0.00331EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/25 3:30 p.m.9 views

ml-logger deserialization vulnerability

A vulnerability was determined in geyang ml-logger 0.10.36 and prior. Affected is the function loghandler of the file mllogger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has be...

6.5CVSS6.8AI score0.00288EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/25 3:30 p.m.7 views

dref is vulnerable to prototype pollution

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

7.5CVSS6.8AI score0.00365EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/25 12:30 a.m.14 views

Duplicate Advisory: Malicious versions of Nx were published

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...

9.6CVSS7.1AI score0.00527EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:34 p.m.9 views

lobe-chat has an Open Redirect

Description --- Vulnerability Overview The project's OIDC redirect handling logic constructs the host and protocol of the final redirect URL based on the X-Forwarded-Host or Host headers and the X-Forwarded-Proto value. In deployments where a reverse proxy forwards client-supplied X-Forwarded-...

4.3CVSS7AI score0.00301EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.9 views

json-schema-editor-visual vulnerable to prototype pollution

json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...

6.5CVSS6.7AI score0.003EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.11 views

ts-fns has prototype pollution vulnerability

A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties int...

6.5CVSS7.7AI score0.004EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.5 views

web3-core-method is vulnerable to prototype pollution

web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...

7.5CVSS6.7AI score0.00365EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.11 views

spmrc vulnerable to prototype pollution

spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum...

7.5CVSS6.7AI score0.00365EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.11 views

Duplicate Advisory: rollbar vulnerable to prototype pollution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r8c2-2qwq-94p6. This link is maintained to preserve external references. Original Description rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package include...

7.5CVSS6.8AI score0.00365EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33426