Hi 👋
| N° | CVE | Severity | Description |
|---|---|---|---|
| 1 | CVE-2022-1993 | High | Path Traversal vulnerability on the endpoint '/info/refs' in Gogs (A self-hosted Git service) - advisory |
| 2 | CVE-2022-3607 | Medium | ZipSlip Symlink variant allows to read any file within OctoPrint Box in Octoprint (An open source 3D printer controller application) |
| 3 | CVE-2022-23530 | Low | GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package (DataDog CLI tool to identify malicious PyPI and npm packages or Go modules) - advisory |
| 4 | CVE-2023-25804 | Medium | Limited Path Traversal in name parameter hap-wi/roxy-wi |
| 5 | CVE-2023-25803 CVE-2023-25802 | High | Directory Traversal vulnerability in hap-wi/roxy-wi |
| 6 | CVE-2022-23522 | High | Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive() |
| 7 | CVE-2023-30620 | High | Arbitrary File Write when Extracting a Remotely retrieved Tarball using Tarfile.extractall() in mindsdb/mindsdb |
| 8 | CVE-2023-31131 | Medium | Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive() in greenplum-db/gpdb |
| 9 | CVE-2023-35932 | High | Configuration Injection in tanghaibao/jcvi due to unsanitized user input - advisory |
| 10 | GHSA-373w-rj84-pv6x | Low | Hostname blocklist does not block FQDNs in IncludeSecurity/safeurl-python - advisory |
| 11 | CVE-2023-39911 | Medium | --- |
| 12 | CVE-2023-42183 | Low | A Post-Unicode Normalization Vulnerability in lockss/lockss-daemon |
| 13 | CVE-2023-41889 | Medium | Late-Unicode normalization vulnerability in shirasagi/shirasagi |
| 14 | CVE-2023-52081 | Low | Late-Unicode normalization vulnerability in ewen-lbh/ffcss |
| 15 | CVE-2024-21623 | Critical | Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets in mehah/otclient |
| 16 | CVE-2024-23343 | Medium | |
| 17 | CVE-2024-23826 | Medium | Uploading an image with a specific filename causes a server-side DoS in spbu-se/spbu_se_site (Website of the Department of System Programming of St. Petersburg State University) |
| 18 | CVE-2024-24759 | Critical | Bypass SSRF Protection with DNS Rebinding in mindsdb/mindsdb |
| 19 | CVE-2024-0081 | High | Unicode use in a user-controlled filename may cause a server-side DoS in Nvidia/NeMo - Nvidia security acknowledgement |
| 20 | CVE-2024-32874 | Medium | Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service |
| 21 | GHSA-9gw7-hxgx-f6rv | Medium | Malicious Long Unicode filenames may cause an Application-level Denial of Service |
| 22 | CVE-2024-1211 | Medium | Require confirmation before linking JWT identity on Gitlab Blog |
| 23 | CVE-2024-35231 | High | Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter |
| 24 | CVE-2024-45412 | Medium | Potential Denial of Service due to the One Milion Unicode characters attack |
| 25 | CVE-2024-8124 | High | Denial of Service via sending a large glm_source parameter in GitLab |
| 26 | CVE-2024-47830 | Critical | Server side request forgery via /_next/image endpoint on makeplane/plane |
| 27 | CVE-2024-12379 | Medium | Denial of Service due to Unbounded Object Creation via the scopes parameter in a Personal Access Token in Gitlab EE |
| 28 | CVE-2024-13054 | Medium | Denial of Service Due to Inefficient Processing of Untrusted Input |
| 29 | CVE-2025-31116 | Medium | SSRF on assetlinks_check with DNS Rebinding |
| 30 | CVE-2025-0549 | Medium | Partial Bypass for Device OAuth flow using Cross Window Forgery |
| 31 | GHSA-6p2v-wcv8-8j6w | Medium | Arbitrary File Read by Copy as a Curl command in a Caido Plugin Exploit Generator - advisory |
✨ ⚡