GitHub Security Lab
订阅

最新

1. GHSL-2020-252: Unsafe handling of symbolic links in archiver unpacking routine
2. GHSL-2020-213: Server-Side Template Injection in BrowserUp Proxy - CVE-2020-26282
3. GHSL-2020-261: Unsafe handling of symbolic links in oc unpacking routine - CVE-2020-27833
4. GHSL-2020-256: Unsafe handling of symbolic links in dbdeployer unpacking routine - CVE-2020-26277
5. GHSL-2020-298: Regular Expression Denial of Service in Metro-UI-CSS
6. GHSL-2020-262: Unsafe handling of symbolic links in go-slug unpacking routine - CVE-2020-29529
7. GHSL-2020-300: Regular Expression Denial of Service in markdown-to-jsx
8. GHSL-2020-306: Regular Expression Denial of Service in highlight.js
9. GHSL-2020-307: Regular Expression Denial of Service in CodeMirror
10. GHSL-2020-309: Regular Expression Denial of Service in Fast-csv - CVE-2020-26256
11. GHSL-2020-311: Regular Expression Denial of Service in SquadCal
12. Security Lab research: a year in review
13. Increased bounty rewards for the GitHub Security Lab community!
14. GHSL-2020-283: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of GoogleCloudPlatform/functions-framework-ruby
15. GHSL-2020-282: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of open-telemetry/opentelemetry-ruby
16. GHSL-2020-285: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of cloudevents/sdk-ruby
17. GHSL-2020-284: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of dazuma/toys
18. GHSL-2020-288: Unauthorized repository modification or secrets exfiltration in GitHub workflows comsuming awslabs/one-line-scan
19. GHSL-2020-286: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of PureStake/moonbeam
20. GHSL-2020-315: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of rux616/karabiner-windows-mode
21. GHSL-2020-247: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of redwoodjs/redwood
22. GHSL-2020-249: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of aws/amazon-chime-sdk-js
23. GHSL-2020-281: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of tskit-dev/msprime
24. GHSL-2020-278: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of stm32-rs/stm32-rs
25. GHSL-2020-279: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of is-a-dev/register
26. GHSL-2020-330: Unauthorized repository modification or secrets exfiltration in two akka repositories
27. GHSL-2020-276: Unauthorized repository modification or secrets exfiltration in nuxt repositories
28. GHSL-2020-320: Unauthorized repository modification or secrets exfiltration in illright/attractions repository
29. GHSL-2020-271: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of openzfs/zfs
30. GHSL-2020-318: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of popsim-consortium/stdpopsim
31. GHSL-2020-248: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of rism-ch/verovio
32. GHSL-2020-317: Unauthorized repository modification or secrets exfiltration in gpuweb/cts repository
33. GHSL-2020-272: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of lampepfl/dotty
34. Keeping your GitHub Actions and workflows secure: Preventing pwn requests
35. GHSL-2020-205: Remote Code Execution in Apache Struts 2 - S2-061 - CVE-2020-17530
36. GHSL-2020-168, GHSL-2020-169, GHSL-2020-170: Integer overflows and file descriptor leak in aptd - CVE-2020-27349, CVE-2020-27350, CVE-2020-27351
37. GHSL-2020-192, GHSL-2020-196: File existence disclosure in aptdeamon - CVE-2020-16128
38. Now you C me, now you don't, part two: exploiting the in-between
39. GHSL-2020-179: Template injection in the GitHub workflows of codacy-coverage-reporter-action repository
40. GHSL-2020-180: Template injection in the GitHub workflows of helm-ssm repository
41. GHSL-2020-181: Template injection in the GitHub workflows of symless synergy-core repository
42. GHSL-2020-136: Unsafe deserialization vulnerabilties in Lumisoft .NET and Lumisoft MailServer
43. GHSL-2020-174: Template injection in the GitHub workflows of codacy-coverage-reporter repository
44. GHSL-2020-176: Template injection in the GitHub workflows of codacy-scalameta repository
45. GHSL-2020-210: Template injection in the GitHub workflow of hyperspacedev/starlight repository
46. GHSL-2020-211: Template injection in a GitHub workflow of namin2/dependabot_jira repository
47. GHSL-2020-212: Template injection in Cron-utils - CVE-2020-26238
48. GHSL-2020-178: Template injection in the GitHub workflows of bitbucket-scala-client repository
49. GHSL-2020-177: Template injection in the GitHub workflows of codacy-plint repository
50. GHSL-2020-209: Template injection in a GitHub workflow of ww-tech/primrose repository
51. GHSL-2020-175: Template injection in the GitHub workflows of codacy-analysis-cli repository
52. GHSL-2020-208: Template injection in a GitHub workflow of SourcePointUSA/android-cmp-app repository
53. GHSL-2020-173: Undocumented template expression evaluation in the gajira-comment GitHub action - CVE-2020-14189
54. GHSL-2020-207: Template injection in a GitHub workflow of repository hashicorp/boundary-ui
55. GHSL-2020-137: Unsafe deserialization in Lumisoft Mail Server
56. GHSL-2020-204: Server-Side Template Injection in Corona Warn App Server
57. GHSL-2020-172: Undocumented template expression evaluation in the gajira-create GitHub action - CVE-2020-14188
58. Securing the fight against COVID-19 through open source
59. GHSL-2020-142: Heap memory corruption in png-img - CVE-2020-28248
60. GHSL-2020-138, GHSL-2020-139: Remote code execution (RCE) and elevation of privileges (EoP) in SmartStoreNET - CVE-2020-27996, CVE-2020-27997
61. How to get root on Ubuntu 20.04 by pretending nobody’s /home
62. GHSL-2020-187: Denial of Service (DoS) in Ubuntu accountsservice - CVE-2020-16126 - CVE-2020-16127
63. GHSL-2020-202: Local Privilege Escalation (LPE) in Ubuntu gdm3 - CVE-2020-16125
64. GHSL-2020-152: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in DualAuthCore
65. GHSL-2020-153: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in dapper-identity
66. GHSL-2020-154: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in OnionArch
67. GHSL-2020-155: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in reactjs-ts-identityserver
68. GHSL-2020-156: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in IdentityWithoutEF
69. GHSL-2020-158: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in AspNetCoreMvcSharedLocalization
70. GHSL-2020-149: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in Angular-Core-IdentityServer
71. GHSL-2020-151: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in little-aspnetcore-todo
72. GHSL-2020-141: Arbitrary code execution in DatabaseSchemaReader - CVE-2020-26207
73. GHSL-2020-143: Arbitrary Code Execution in FastReports - CVE-2020-27998
74. GHSL-2020-134: NULL dereference in Samba - CVE-2020-14323
75. GHSL-2020-157: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in IdentityManager
76. Exploiting a textbook use-after-free in Chrome
77. Hack this repository: The EkoParty 2020 GitHub CTF challenges
78. GHSL-2020-074, 077, 078: Memory corruptions in HPLIP - CVE-2020-6923
79. GHSL-2020-113: Command injection vulnerability in limdu - CVE-2020-4066
80. The Grey area of software security - whose responsibility is it?
81. GHSL-2020-096: Missing hostname validation in tweetstream - CVE-2020-24393
82. GHSL-2020-097: Missing hostname validation in twitter-stream - CVE-2020-24392
83. GHSL-2020-145: Command injection on Windows in Opener
84. GHSL-2020-140: Open redirect in Traefik - CVE-2020-15129
85. The weakest link
86. GHSL-2020-132: SQL Injection in Mailtrain - CVE-2020-24617
87. GHSL-2020-126: Open URL redirect in Orange Forum 1.x.x
88. GHSL-2020-133: Path traversal vulnerability in Adobe git-server - CVE-2020-9708
89. GHSL-2020-109: Command injection in codecov
90. Now you C me, now you don't: An introduction to the hidden attack surface of interpreted languages
91. GHSL-2020-095 : Monster in the middle attack in em-imap - CVE-2020-13163
92. GHSL-2020-042: Server-Side Template Injection in Crafter CMS
93. GHSL-2020-046: Server-Side Template Injection in XWiki
94. GHSL-2020-076: Server-Side Template Injection in Cascade CMS
95. GHSL-2020-086, 087, 088, 089 - Server-Side Template Injection in Apache Camel - CVE-2020-11994
96. GHSL-2020-068: Cross-Site Scripting in Apache OfBiz - CVE-2020-9496
97. GHSL-2020-069: Unsafe deserialization of XMLRPC arguments in ApacheOfBiz - CVE-2020-9496
98. Fuzzing sockets, part 2: FreeRDP
99. GHSL-2020-111: Command injection vulnerability in standard-version
100. Room for Escape: Scribbling Outside the Lines of Template Security
101. GHSL-2020-072: Arbitrary file disclosure in JinJava - CVE-2020-12668
102. Fuzzing software: advanced tricks (Part 2)
103. GHSL-2020-071: Server-side template injection in Lithium CMS
104. GHSL-2020-047: Server-side template injection in dotCMS
105. GHSL-2020-045: Server-side template injection in Atlassian Confluence - CVE-2020-4027
106. GHSL-2020-039: Server-side template injection in Alfresco - CVE-2020-12873
107. GHSL-2020-043: Server-side template injection in Liferay - CVE-2020-13445
108. Structured fuzzing Android's NFC
109. Bean Stalking: Growing Java beans into RCE
110. GHSL-2020-058: OOB read in Apache Guacamole prior to 1.2.0 - CVE-2020-9497
111. GHSL-2020-104: OOB read vulnerability in FreeRDP ntlm_av_pair_get - CVE-2020-11097
112. GHSL-2020-105: OOB read vulnerability in FreeRDP glyph_cache_put - CVE-2020-11098
113. GHSL-2020-106: integer signedness mismatch leading to OOB read in FreeRDP - CVE-2020-4030
114. GHSL-2020-107: OOB read vulnerability in FreeRDP update_read_cache_bitmap_v3_order - CVE-2020-11096
115. GHSL-2020-124: OOB read vulnerability in FreeRDP update_recv_primary_order - CVE-2020-11095
116. GHSL-2020-125: integer signedness mismatch vulnerability in FreeRDP leads to OOB read - CVE-2020-4032
117. GHSL-2020-103: OOB read vulnerability in FreeRDP license_read_new_or_upgrade_license_packet - CVE-2020-11099
118. GHSL-2020-128: OOB read vulnerability in FreeRDP RLEDECOMPRESS - CVE-2020-4033
119. GHSL-2020-110: Command Injection in mversion
120. GHSL-2020-122: Command injection in git-diff-apply
121. Variant analysis of Web Audio callback vulnerabilities in Chrome
122. Last orders at the House of Force
123. GHSL-2020-099: mXSS vulnerability in AngularJS
124. GHSL-2020-100: Out of Bounds (OOB) read vulnerability in FreeRDP - CVE-2020-13396
125. GHSL-2020-101: NULL dereference in FreeRDP FIPS routines - CVE-2020-13397
126. GHSL-2020-102: Heap overflow in FreeRDP crypto_rsa_common - CVE-2020-13398
127. GHSL-2020-119: command injection vulnerability in node-dns-sync resolve method - CVE-2020-11079
128. GHSL-2020-094: Missing SSL/TLS certificate hostname validation in em-http-request - CVE-2020-13482
129. GHSL-2020-057: dbus file descriptor leak (DoS) - CVE-2020-12049
130. GHSL-2020-075, GHSL-2020-079, GHSL-2020-080, GHSL-2020-081, GHSL-2020-082, GHSL-2020-083, GHSL-2020-084: Multiple vulnerabilities in SANE Backends (DoS, RCE)
131. GHSL-2020-064: integer overflow in LibVNCClient HandleCursorShape resulting in remote heap overflow - CVE-2019-20788
132. The Octopus Scanner Malware: Attacking the open source supply chain
133. GHSL-2020-073: Path traversal in Jooby - CVE-2020-7647
134. Hot lava: A case study in hunting for network integer arithmetic flaws
135. GHSL-2020-054: XSS in Apache Syncope - CVE-2020-1961
136. GHSL-2020-055: Server-Side Template Injection in Apache Syncope (RCE) - CVE-2019-17557
137. GHSL-2020-020: EL expression input sanitation bypass in Hibernate Validator - CVE-2020-10693
138. GHSL-2020-029: Server-Side template injection in Apache Syncope (RCE) - CVE-2020-1959
139. GHSL-2020-085: Open redirect vulnerability in Sourcegraph - CVE-2020-12283
140. Triggering garbage collection with rejected promises to cause use-after-free in Chrome
141. GHSL-2020-007: Out-of-bounds write in Android Open Source Project - CVE-2020-0072
142. GHSL-2020-008: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0071
143. GHSL-2020-051, GHSL-2020-052: Multiple vulnerabilities in NTOP nDPI
144. GHSL-2020-006: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0073
145. GHSL-2020-010: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0070
146. GHSL-2020-031: SQL injection in PureFTPd
147. GHSL-2020-038: Use after free in Chrome WebAudio
148. GHSL-2020-040: Use After Free in Chrome WebAudio
149. GHSL-2020-041: Use After Free in Chrome WebAudio
150. GHSL-2020-037: Use after free in Chrome WebAudio
151. GHSL-2020-035: Use after free in Chrome WebAudio
152. GHSL-2020-053: Use After Free in Chrome WebAudio
153. GHSL-2020-030: Server-Side Template Injection in Dropwizard
154. Fuzzing sockets, part 1: FTP servers
155. GHSL-2020-015: Remote Code Execution - Bypass of CVE-2018-16621 mitigations in Nexus Repository Manager
156. GHSL-2020-012: Remote Code Execution - JavaEL Injection (high privileged accounts) in Nexus Repository Manager
157. GHSL-2020-013: Remote Code Execution - Dynamic Code Evaluation via Scripts in Nexus Repository Manager
158. GHSL-2020-014: Remote Code execution - Dynamic Code Evaluation via Scheduled Tasks in Nexus Repository Manager
159. GHSL-2020-009: UAF leads to RCE in ProFTPD
160. GHSL-2020-011: Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
161. GHSL-2020-016: Persistent Cross-Site scripting in Nexus Repository Manager
162. Hey look ma, I'm doing crypto!
163. GHSL-2020-056: Double free in OpenSSL client
164. GHSL-2020-027: Server-Side Template Injection in Netflix Conductor
165. GHSL-2020-028: Server-Side Template Injection in Netflix Titus
166. CERT partners with GitHub Security Lab for automated remediation of CVE-2020-8597
167. GHSL-2020-001: Off-by-one heap overflow in Bftpd
168. GHSL-2020-002: out-of-bounds (OOB) read in ProFTPD
169. GHSL-2020-003, GHSL-2020-004, GHSL-2020-005: Person in the middle attack on openfortivpn clients
170. GHSL-2020-025: OOB read and DoS in PureFTPd
171. GHSL-2020-026: Person in the middle attacks with lua-openssl
172. GHSL-2020-032: out-of-bounds (OOB) read vulnerability in PureFTPd
173. CVE-2020-0688 Losing the keys to your kingdom
174. CVE-2020-5398 Reflected File Download in Spring MVC/WebFlux
175. How to escape from the fuzz
176. CVE-2019-10779: Cross-site scripting in GCHQ Stroom
177. Fuzzing software: common challenges and potential solutions (Part 1)
178. Review of Chromium IPC vulnerabilities
179. Ubuntu whoopsie integer overflow vulnerability (CVE-2019-11484)
180. Ubuntu apport PID recycling vulnerability (CVE-2019-15790)
181. Ubuntu apport TOCTOU vulnerability (CVE-2019-7307)
182. Whoopsie-daisy: Chaining accidental features of Ubuntu’s crash reporter to get LPE
183. Anatomy of a Coffee Bean (Wireless Vulnerabilities in Linux Kernel)
184. Bug Hunting with CodeQL, an Rsyslog Case Study
185. Another libssh2 integer overflow (CVE-2019-17498)
186. In-Memory Data Grid Applications: Finding Common Java Deserialization Vulnerabilities with CodeQL
187. VLC Vulnerabilities Discovered by the GitHub Security Research Team
188. U-Boot NFS RCE Vulnerabilities (CVE-2019-14192)
189. libssh2 integer overflows and an out-of-bounds read (CVE-2019-13115)
190. Insecure Deserialization: Finding Java Vulnerabilities with CodeQL
191. Facebook Fizz integer overflow vulnerability (CVE-2019-3560)
192. Exploiting CVE-2018-19134: Ghostscript RCE through type confusion
193. Ghostscript type confusion: Using variant analysis to find vulnerabilities
194. CVE-2018-19475: Ghostscript shell command execution in SAFER mode
195. Apple XNU exploits: ICMP proof of concept
196. OGNL Apache Struts exploit: Weaponizing a sandbox bypass (CVE-2018-11776)
197. CVE-2018-18820: Snprintf Vulnerability in Icecast
198. Kernel crash caused by out-of-bounds write in Apple's ICMP packet-handling code (CVE-2018-4407)
199. CVE-2018-4259: MacOS NFS vulnerabilties lead to kernel RCE
200. Apache Struts double evaluation RCE lottery
201. OGNL injection in Apache Struts: Discovering exploits with taint tracking
202. CVE-2018-11776: How to find 5 RCEs in Apache Struts with CodeQL
203. Librelp buffer overflow fix (cve-2018-1000140) - a collaboration between Adiscon and Semmle
204. CVE-2018-4249 & CVE-2017-13904: Remote code execution in Apple's packet mangler
205. Apple NFS Diskless Boot: Negative integer overflow vulnerabilities (CVE-2018-4136 & CVE-2018-4160)
206. Etherpad reflected file download: Vulnerability hunting with CodeQL (CVE-2018-6835)
207. Spring Data REST exploit (CVE-2017-8046): Finding a RCE vulnerability with CodeQL
208. Android Deserialization Vulnerabilities: A Brief history
209. Stack buffer overflow in Qualcomm MSM 4.4 - Finding bugs with CodeQL
210. Castor and Hessian java deserialization vulnerabilities
211. XXE attack example using jBoss vulnerability (jBPM) CVE-2017-7545
212. Apple's XNU Kernel: Finding a memory exposure vulnerability with CodeQL (CVE-2017-13782)
213. Restlet XXE vulnerability (CVE-2017-14949)
214. Swagger YAML Parser Vulnerability (CVE-2017-1000207 and CVE-2017-1000208)
215. Restlet XML External Entity Expansion Vulnerability (CVE-2017-14868)
216. Spring AMQP Exploit (CVE-2017-8045): Remote Code Execution Vulnerability
217. CVE-2017-9805: How CodeQL found a remote code execution vulnerability in Apache Struts
更新于 20 分钟前

历史数据已过滤上面最新数据

2021-01-13 GHSL-2020-252: Unsafe handling of symbolic links in archiver unpacking routine
2021-01-13 GHSL-2020-213: Server-Side Template Injection in BrowserUp Proxy - CVE-2020-26282
2021-01-13 GHSL-2020-261: Unsafe handling of symbolic links in oc unpacking routine - CVE-2020-27833
2021-01-13 GHSL-2020-256: Unsafe handling of symbolic links in dbdeployer unpacking routine - CVE-2020-26277
2021-01-13 GHSL-2020-298: Regular Expression Denial of Service in Metro-UI-CSS
2021-01-13 GHSL-2020-262: Unsafe handling of symbolic links in go-slug unpacking routine - CVE-2020-29529
2021-01-13 GHSL-2020-300: Regular Expression Denial of Service in markdown-to-jsx
2021-01-13 GHSL-2020-306: Regular Expression Denial of Service in highlight.js
2021-01-13 GHSL-2020-307: Regular Expression Denial of Service in CodeMirror
2021-01-13 GHSL-2020-309: Regular Expression Denial of Service in Fast-csv - CVE-2020-26256
2021-01-13 GHSL-2020-311: Regular Expression Denial of Service in SquadCal
2020-12-26 Increased bounty rewards for the GitHub Security Lab community!
2020-12-26 Security Lab research: a year in review
2020-12-26 GHSL-2020-278: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of stm32-rs/stm32-rs
2020-12-26 GHSL-2020-279: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of is-a-dev/register
2020-12-26 GHSL-2020-281: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of tskit-dev/msprime
2020-12-26 GHSL-2020-282: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of open-telemetry/opentelemetry-ruby
2020-12-26 GHSL-2020-248: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of rism-ch/verovio
2020-12-26 GHSL-2020-271: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of openzfs/zfs
2020-12-26 GHSL-2020-286: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of PureStake/moonbeam
2020-12-26 GHSL-2020-288: Unauthorized repository modification or secrets exfiltration in GitHub workflows comsuming awslabs/one-line-scan
2020-12-26 GHSL-2020-315: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of rux616/karabiner-windows-mode
2020-12-26 GHSL-2020-317: Unauthorized repository modification or secrets exfiltration in gpuweb/cts repository
2020-12-26 GHSL-2020-318: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of popsim-consortium/stdpopsim
2020-12-26 GHSL-2020-320: Unauthorized repository modification or secrets exfiltration in illright/attractions repository
2020-12-26 GHSL-2020-330: Unauthorized repository modification or secrets exfiltration in two akka repositories
2020-12-26 GHSL-2020-276: Unauthorized repository modification or secrets exfiltration in nuxt repositories
2020-12-26 GHSL-2020-272: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of lampepfl/dotty
2020-12-26 GHSL-2020-285: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of cloudevents/sdk-ruby
2020-12-26 GHSL-2020-249: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of aws/amazon-chime-sdk-js
2020-12-26 GHSL-2020-284: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of dazuma/toys
2020-12-26 GHSL-2020-247: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of redwoodjs/redwood
2020-12-26 GHSL-2020-283: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of GoogleCloudPlatform/functions-framework-ruby
2020-12-26 GHSL-2020-192, GHSL-2020-196: File existence disclosure in aptdeamon - CVE-2020-16128
2020-12-26 GHSL-2020-168, GHSL-2020-169, GHSL-2020-170: Integer overflows and file descriptor leak in aptd - CVE-2020-27349, CVE-2020-27350, CVE-2020-27351
2020-12-26 GHSL-2020-205: Remote Code Execution in Apache Struts 2 - S2-061 - CVE-2020-17530
2020-12-26 GHSL-2020-177: Template injection in the GitHub workflows of codacy-plint repository
2020-12-26 GHSL-2020-178: Template injection in the GitHub workflows of bitbucket-scala-client repository
2020-12-26 Keeping your GitHub Actions and workflows secure: Preventing pwn requests arkadiyt
2020-12-26 Now you C me, now you don't, part two: exploiting the in-between aburan28
2020-12-26 GHSL-2020-179: Template injection in the GitHub workflows of codacy-coverage-reporter-action repository
2020-12-26 GHSL-2020-180: Template injection in the GitHub workflows of helm-ssm repository
2020-12-26 GHSL-2020-172: Undocumented template expression evaluation in the gajira-create GitHub action - CVE-2020-14188
2020-12-26 GHSL-2020-174: Template injection in the GitHub workflows of codacy-coverage-reporter repository
2020-12-26 GHSL-2020-208: Template injection in a GitHub workflow of SourcePointUSA/android-cmp-app repository
2020-12-26 GHSL-2020-209: Template injection in a GitHub workflow of ww-tech/primrose repository
2020-12-26 GHSL-2020-136: Unsafe deserialization vulnerabilties in Lumisoft .NET and Lumisoft MailServer
2020-12-26 GHSL-2020-211: Template injection in a GitHub workflow of namin2/dependabot_jira repository
2020-12-26 GHSL-2020-212: Template injection in Cron-utils - CVE-2020-26238
2020-12-26 GHSL-2020-176: Template injection in the GitHub workflows of codacy-scalameta repository
2020-12-26 GHSL-2020-175: Template injection in the GitHub workflows of codacy-analysis-cli repository
2020-12-26 GHSL-2020-207: Template injection in a GitHub workflow of repository hashicorp/boundary-ui
2020-12-26 GHSL-2020-173: Undocumented template expression evaluation in the gajira-comment GitHub action - CVE-2020-14189
2020-12-26 GHSL-2020-204: Server-Side Template Injection in Corona Warn App Server
2020-12-26 GHSL-2020-137: Unsafe deserialization in Lumisoft Mail Server
2020-12-26 GHSL-2020-181: Template injection in the GitHub workflows of symless synergy-core repository
2020-12-26 GHSL-2020-210: Template injection in the GitHub workflow of hyperspacedev/starlight repository
2020-12-26 GHSL-2020-138, GHSL-2020-139: Remote code execution (RCE) and elevation of privileges (EoP) in SmartStoreNET - CVE-2020-27996, CVE-2020-27997
2020-12-26 GHSL-2020-142: Heap memory corruption in png-img - CVE-2020-28248
2020-12-26 GHSL-2020-187: Denial of Service (DoS) in Ubuntu accountsservice - CVE-2020-16126 - CVE-2020-16127
2020-12-26 GHSL-2020-202: Local Privilege Escalation (LPE) in Ubuntu gdm3 - CVE-2020-16125
2020-12-26 GHSL-2020-151: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in little-aspnetcore-todo
2020-12-26 GHSL-2020-152: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in DualAuthCore
2020-12-26 GHSL-2020-153: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in dapper-identity
2020-12-26 GHSL-2020-154: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in OnionArch
2020-12-26 GHSL-2020-155: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in reactjs-ts-identityserver
2020-12-26 GHSL-2020-149: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in Angular-Core-IdentityServer
2020-12-26 GHSL-2020-158: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in AspNetCoreMvcSharedLocalization
2020-12-26 GHSL-2020-156: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in IdentityWithoutEF
2020-12-26 GHSL-2020-141: Arbitrary code execution in DatabaseSchemaReader - CVE-2020-26207
2020-12-26 Securing the fight against COVID-19 through open source fredrb
2020-12-26 How to get root on Ubuntu 20.04 by pretending nobody’s /home generalizations
2020-12-26 GHSL-2020-143: Arbitrary Code Execution in FastReports - CVE-2020-27998
2020-12-26 GHSL-2020-134: NULL dereference in Samba - CVE-2020-14323
2020-12-26 GHSL-2020-157: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in IdentityManager
2020-12-26 Exploiting a textbook use-after-free in Chrome
2020-12-26 Hack this repository: The EkoParty 2020 GitHub CTF challenges
2020-12-26 GHSL-2020-074, 077, 078: Memory corruptions in HPLIP - CVE-2020-6923
2020-12-26 GHSL-2020-113: Command injection vulnerability in limdu - CVE-2020-4066
2020-12-26 The Grey area of software security - whose responsibility is it?
2020-12-26 GHSL-2020-096: Missing hostname validation in tweetstream - CVE-2020-24393
2020-12-26 GHSL-2020-097: Missing hostname validation in twitter-stream - CVE-2020-24392
2020-12-26 GHSL-2020-145: Command injection on Windows in Opener
2020-12-26 GHSL-2020-140: Open redirect in Traefik - CVE-2020-15129
2020-12-26 The weakest link
2020-12-26 GHSL-2020-132: SQL Injection in Mailtrain - CVE-2020-24617
2020-12-26 GHSL-2020-126: Open URL redirect in Orange Forum 1.x.x
2020-12-26 GHSL-2020-133: Path traversal vulnerability in Adobe git-server - CVE-2020-9708
2020-12-26 GHSL-2020-109: Command injection in codecov
2020-12-26 GHSL-2020-095 : Monster in the middle attack in em-imap - CVE-2020-13163
2020-12-26 GHSL-2020-042: Server-Side Template Injection in Crafter CMS
2020-12-26 GHSL-2020-046: Server-Side Template Injection in XWiki
2020-12-26 GHSL-2020-076: Server-Side Template Injection in Cascade CMS
2020-12-26 GHSL-2020-086, 087, 088, 089 - Server-Side Template Injection in Apache Camel - CVE-2020-11994
2020-12-26 GHSL-2020-068: Cross-Site Scripting in Apache OfBiz - CVE-2020-9496
2020-12-26 GHSL-2020-069: Unsafe deserialization of XMLRPC arguments in ApacheOfBiz - CVE-2020-9496
2020-12-26 Fuzzing sockets, part 2: FreeRDP
2020-12-26 GHSL-2020-111: Command injection vulnerability in standard-version
2020-12-26 Room for Escape: Scribbling Outside the Lines of Template Security
2020-12-26 GHSL-2020-072: Arbitrary file disclosure in JinJava - CVE-2020-12668
2020-12-26 Fuzzing software: advanced tricks (Part 2)
2020-12-26 GHSL-2020-071: Server-side template injection in Lithium CMS
2020-12-26 GHSL-2020-047: Server-side template injection in dotCMS
2020-12-26 GHSL-2020-045: Server-side template injection in Atlassian Confluence - CVE-2020-4027
2020-12-26 GHSL-2020-043: Server-side template injection in Liferay - CVE-2020-13445
2020-12-26 GHSL-2020-039: Server-side template injection in Alfresco - CVE-2020-12873
2020-12-26 Now you C me, now you don't: An introduction to the hidden attack surface of interpreted languages pcw888
2020-12-26 Structured fuzzing Android's NFC
2020-12-26 Bean Stalking: Growing Java beans into RCE
2020-12-26 GHSL-2020-058: OOB read in Apache Guacamole prior to 1.2.0 - CVE-2020-9497
2020-12-26 GHSL-2020-104: OOB read vulnerability in FreeRDP ntlm_av_pair_get - CVE-2020-11097
2020-12-26 GHSL-2020-105: OOB read vulnerability in FreeRDP glyph_cache_put - CVE-2020-11098
2020-12-26 GHSL-2020-103: OOB read vulnerability in FreeRDP license_read_new_or_upgrade_license_packet - CVE-2020-11099
2020-12-26 GHSL-2020-107: OOB read vulnerability in FreeRDP update_read_cache_bitmap_v3_order - CVE-2020-11096
2020-12-26 GHSL-2020-124: OOB read vulnerability in FreeRDP update_recv_primary_order - CVE-2020-11095
2020-12-26 GHSL-2020-125: integer signedness mismatch vulnerability in FreeRDP leads to OOB read - CVE-2020-4032
2020-12-26 GHSL-2020-128: OOB read vulnerability in FreeRDP RLEDECOMPRESS - CVE-2020-4033
2020-12-26 GHSL-2020-106: integer signedness mismatch leading to OOB read in FreeRDP - CVE-2020-4030
2020-12-26 GHSL-2020-110: Command Injection in mversion
2020-12-26 GHSL-2020-122: Command injection in git-diff-apply
2020-12-26 Variant analysis of Web Audio callback vulnerabilities in Chrome
2020-12-26 Last orders at the House of Force
2020-12-26 GHSL-2020-057: dbus file descriptor leak (DoS) - CVE-2020-12049
2020-12-26 GHSL-2020-064: integer overflow in LibVNCClient HandleCursorShape resulting in remote heap overflow - CVE-2019-20788
2020-12-26 GHSL-2020-075, GHSL-2020-079, GHSL-2020-080, GHSL-2020-081, GHSL-2020-082, GHSL-2020-083, GHSL-2020-084: Multiple vulnerabilities in SANE Backends (DoS, RCE)
2020-12-26 GHSL-2020-094: Missing SSL/TLS certificate hostname validation in em-http-request - CVE-2020-13482
2020-12-26 GHSL-2020-099: mXSS vulnerability in AngularJS
2020-12-26 GHSL-2020-100: Out of Bounds (OOB) read vulnerability in FreeRDP - CVE-2020-13396
2020-12-26 GHSL-2020-101: NULL dereference in FreeRDP FIPS routines - CVE-2020-13397
2020-12-26 GHSL-2020-102: Heap overflow in FreeRDP crypto_rsa_common - CVE-2020-13398
2020-12-26 GHSL-2020-119: command injection vulnerability in node-dns-sync resolve method - CVE-2020-11079
2020-12-26 The Octopus Scanner Malware: Attacking the open source supply chain dfrankow
2020-12-26 GHSL-2020-073: Path traversal in Jooby - CVE-2020-7647
2020-12-26 GHSL-2020-020: EL expression input sanitation bypass in Hibernate Validator - CVE-2020-10693
2020-12-26 GHSL-2020-029: Server-Side template injection in Apache Syncope (RCE) - CVE-2020-1959
2020-12-26 GHSL-2020-054: XSS in Apache Syncope - CVE-2020-1961
2020-12-26 GHSL-2020-055: Server-Side Template Injection in Apache Syncope (RCE) - CVE-2019-17557
2020-12-26 GHSL-2020-085: Open redirect vulnerability in Sourcegraph - CVE-2020-12283
2020-12-26 GHSL-2020-007: Out-of-bounds write in Android Open Source Project - CVE-2020-0072
2020-12-26 GHSL-2020-008: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0071
2020-12-26 GHSL-2020-010: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0070
2020-12-26 GHSL-2020-051, GHSL-2020-052: Multiple vulnerabilities in NTOP nDPI
2020-12-26 GHSL-2020-006: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0073
2020-12-26 GHSL-2020-031: SQL injection in PureFTPd
2020-12-26 GHSL-2020-035: Use after free in Chrome WebAudio
2020-12-26 GHSL-2020-037: Use after free in Chrome WebAudio
2020-12-26 GHSL-2020-038: Use after free in Chrome WebAudio
2020-12-26 GHSL-2020-040: Use After Free in Chrome WebAudio
2020-12-26 GHSL-2020-041: Use After Free in Chrome WebAudio
2020-12-26 GHSL-2020-053: Use After Free in Chrome WebAudio
2020-12-26 GHSL-2020-030: Server-Side Template Injection in Dropwizard
2020-12-26 Fuzzing sockets, part 1: FTP servers
2020-12-26 GHSL-2020-012: Remote Code Execution - JavaEL Injection (high privileged accounts) in Nexus Repository Manager
2020-12-26 GHSL-2020-013: Remote Code Execution - Dynamic Code Evaluation via Scripts in Nexus Repository Manager
2020-12-26 GHSL-2020-014: Remote Code execution - Dynamic Code Evaluation via Scheduled Tasks in Nexus Repository Manager
2020-12-26 GHSL-2020-015: Remote Code Execution - Bypass of CVE-2018-16621 mitigations in Nexus Repository Manager
2020-12-26 GHSL-2020-009: UAF leads to RCE in ProFTPD
2020-12-26 GHSL-2020-011: Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
2020-12-26 GHSL-2020-016: Persistent Cross-Site scripting in Nexus Repository Manager
2020-12-26 Hey look ma, I'm doing crypto!
2020-12-26 GHSL-2020-056: Double free in OpenSSL client
2020-12-26 GHSL-2020-027: Server-Side Template Injection in Netflix Conductor
2020-12-26 GHSL-2020-028: Server-Side Template Injection in Netflix Titus
2020-12-26 Hot lava: A case study in hunting for network integer arithmetic flaws bleakgadfly
2020-12-26 Triggering garbage collection with rejected promises to cause use-after-free in Chrome wslh
2020-12-26 Review of Chromium IPC vulnerabilities wslh
2020-12-26 Whoopsie-daisy: Chaining accidental features of Ubuntu’s crash reporter to get LPE DyslexicAtheist
2020-12-26 CERT partners with GitHub Security Lab for automated remediation of CVE-2020-8597
2020-12-26 GHSL-2020-002: out-of-bounds (OOB) read in ProFTPD
2020-12-26 GHSL-2020-003, GHSL-2020-004, GHSL-2020-005: Person in the middle attack on openfortivpn clients
2020-12-26 GHSL-2020-025: OOB read and DoS in PureFTPd
2020-12-26 GHSL-2020-001: Off-by-one heap overflow in Bftpd
2020-12-26 GHSL-2020-032: out-of-bounds (OOB) read vulnerability in PureFTPd
2020-12-26 GHSL-2020-026: Person in the middle attacks with lua-openssl
2020-12-26 CVE-2020-0688 Losing the keys to your kingdom
2020-12-26 CVE-2020-5398 Reflected File Download in Spring MVC/WebFlux
2020-12-26 How to escape from the fuzz
2020-12-26 CVE-2019-10779: Cross-site scripting in GCHQ Stroom
2020-12-26 Fuzzing software: common challenges and potential solutions (Part 1)
2020-12-26 Ubuntu whoopsie integer overflow vulnerability (CVE-2019-11484)
2020-12-26 Ubuntu apport PID recycling vulnerability (CVE-2019-15790)
2020-12-26 Ubuntu apport TOCTOU vulnerability (CVE-2019-7307)
2020-12-26 Bug Hunting with CodeQL, an Rsyslog Case Study
2020-12-26 Anatomy of a Coffee Bean (Wireless Vulnerabilities in Linux Kernel)
2020-12-26 Another libssh2 integer overflow (CVE-2019-17498)
2020-12-26 In-Memory Data Grid Applications: Finding Common Java Deserialization Vulnerabilities with CodeQL
2020-12-26 VLC Vulnerabilities Discovered by the GitHub Security Research Team
2020-12-26 U-Boot NFS RCE Vulnerabilities (CVE-2019-14192)
2020-12-26 libssh2 integer overflows and an out-of-bounds read (CVE-2019-13115)
2020-12-26 Insecure Deserialization: Finding Java Vulnerabilities with CodeQL
2020-12-26 Facebook Fizz integer overflow vulnerability (CVE-2019-3560)
2020-12-26 Exploiting CVE-2018-19134: Ghostscript RCE through type confusion
2020-12-26 Ghostscript type confusion: Using variant analysis to find vulnerabilities
2020-12-26 CVE-2018-19475: Ghostscript shell command execution in SAFER mode
2020-12-26 Apple XNU exploits: ICMP proof of concept
2020-12-26 OGNL Apache Struts exploit: Weaponizing a sandbox bypass (CVE-2018-11776)
2020-12-26 CVE-2018-18820: Snprintf Vulnerability in Icecast
2020-12-26 Kernel crash caused by out-of-bounds write in Apple's ICMP packet-handling code (CVE-2018-4407)
2020-12-26 CVE-2018-4259: MacOS NFS vulnerabilties lead to kernel RCE
2020-12-26 Apache Struts double evaluation RCE lottery

匿名用户只展示最新 300 条榜单历史,更多历史数据请登录后查看,支持时光机按天筛选

Sponsors

天天免单福利聚合

猜你喜欢