Skip to content
View Sim4n6's full-sized avatar
48 followers · 80 following

Achievements

Achievement: YOLOAchievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2

Achievements

Achievement: YOLOAchievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2

Highlights

Block or report Sim4n6

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Sim4n6/README.md
CVE Severity Description
1 CVE-2022-1993 High Path Traversal vulnerability on the endpoint '/info/refs' in Gogs (A self-hosted Git service) - advisory
2 CVE-2022-3607 Medium ZipSlip Symlink variant allows to read any file within OctoPrint Box in Octoprint (An open source 3D printer controller application)
3 CVE-2022-23530 Low GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package (DataDog CLI tool to identify malicious PyPI and npm packages or Go modules) - advisory
4 CVE-2023-25804 Medium Limited Path Traversal in name parameter hap-wi/roxy-wi
5 CVE-2023-25803 CVE-2023-25802 High Directory Traversal vulnerability in hap-wi/roxy-wi
6 CVE-2022-23522 High Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive()
7 CVE-2023-30620 High Arbitrary File Write when Extracting a Remotely retrieved Tarball using Tarfile.extractall() in mindsdb/mindsdb
8 CVE-2023-31131 Medium Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive() in greenplum-db/gpdb
9 CVE-2023-35932 High Configuration Injection in tanghaibao/jcvi due to unsanitized user input - advisory
10 GHSA-373w-rj84-pv6x Low Hostname blocklist does not block FQDNs in IncludeSecurity/safeurl-python - advisory
11 CVE-2023-39911 Medium ---
12 CVE-2023-42183 Low A Post-Unicode Normalization Vulnerability in lockss/lockss-daemon
13 CVE-2023-41889 Medium Late-Unicode normalization vulnerability in shirasagi/shirasagi
14 CVE-2023-52081 Low Late-Unicode normalization vulnerability in ewen-lbh/ffcss
15 CVE-2024-21623 Critical Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets in mehah/otclient
16 CVE-2024-23343 Medium
17 CVE-2024-23826 Medium Uploading an image with a specific filename causes a server-side DoS in spbu-se/spbu_se_site (Website of the Department of System Programming of St. Petersburg State University)
18 CVE-2024-24759 Critical Bypass SSRF Protection with DNS Rebinding in mindsdb/mindsdb
19 CVE-2024-0081 High Unicode use in a user-controlled filename may cause a server-side DoS in Nvidia/NeMo - Nvidia security acknowledgement
20 CVE-2024-32874 Medium Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
21 GHSA-9gw7-hxgx-f6rv Medium Malicious Long Unicode filenames may cause an Application-level Denial of Service
22 CVE-2024-1211 Medium Require confirmation before linking JWT identity on Gitlab Blog
23 CVE-2024-35231 High Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
24 CVE-2024-45412 Medium Potential Denial of Service due to the One Milion Unicode characters attack
25 CVE-2024-8124 High Denial of Service via sending a large glm_source parameter in GitLab
26 CVE-2024-47830 Critical Server side request forgery via /_next/image endpoint on makeplane/plane
27 CVE-2024-12379 Medium Denial of Service due to Unbounded Object Creation via the scopes parameter in a Personal Access Token in Gitlab EE
28 CVE-2024-13054 Medium Denial of Service Due to Inefficient Processing of Untrusted Input
29 CVE-2025-31116 Medium SSRF on assetlinks_check with DNS Rebinding
30 CVE-2025-0549 Medium Partial Bypass for Device OAuth flow using Cross Window Forgery
31 GHSA-6p2v-wcv8-8j6w Medium Arbitrary File Read by Copy as a Curl command in a Caido Plugin Exploit Generator - advisory
32 CVE-2025-0673 High an attacker can trigger an infinite redirect loop, potentially leading to a denial of service condition in Gitlab EE.
33 CVE-2025-52481 Low

Pinned Loading

  1. github/codeql github/codeql Public

    CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

    CodeQL 8.6k 1.7k

  2. Sim4n6 Sim4n6 Public

    2