Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github toolkit vulnerabilities and exploits
(subscribe to this query)
5
CVSSv3
CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...
Github Toolkit
8.8
CVSSv3
CVE-2022-46146
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 a...
Prometheus Exporter Toolkit
NA
CVE-2024-27304
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the atta...
NA
CVE-2024-27289
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second...
4.3
CVSSv3
CVE-2023-29401
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filenam...
Gin-gonic Gin
7.3
CVSSv3
CVE-2023-26125
Versions of the package github.com/gin-gonic/gin prior to 1.9.0 are vulnerable to Improper Input Validation by allowing an malicious user to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue do...
Gin-gonic Gin
7.2
CVSSv3
CVE-2021-23337
Lodash versions before 4.17.21 are vulnerable to Command Injection via the template function.
Lodash Lodash
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Retail Customer Management And Segmentation Foundation 19.0
Oracle Communications Services Gatekeeper 7.0
Oracle Enterprise Communications Broker 3.2.0
Oracle Primavera Unifier 20.12
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Trade Finance Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Communications Session Border Controller 8.4
Oracle Communications Session Border Controller 9.0
Oracle Banking Supply Chain Finance 14.2.0
Oracle Banking Trade Finance Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Corporate Lending Process Management 14.2.0
9 Github repositories
6.5
CVSSv3
CVE-2022-1365
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch before 3.1.5.
Cross-fetch Project Cross-fetch
9.3
CVSSv3
CVE-2022-1650
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
Eventsource Eventsource
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2022-0392
Heap-based Buffer Overflow in GitHub repository vim before 8.2.
Vim Vim
Apple Macos
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »