How we use Dependabot to secure GitHub

At GitHub, we draw on our own experience using GitHub to build GitHub. As an example of this, we use a number of GitHub Advanced Security features internally. This post covers how we rolled out Depend ...

Continue Reading
RSAC 2022 – The Year of API Security

Not only is RSAC back in person, but [API security]() is coming to the forefront. Wallarm, the G2 leader in Application Security, is thrilled to be back at RSAC where we will show off all of our new A ...

Continue Reading
CVE-2022-29353

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename.Read More ...

Continue Reading
Improper Access Control in wp-graphql

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL quer ...

Continue Reading
CVE-2022-24827

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameteri ...

Continue Reading
Improper Removal of Sensitive Information Before Storage or Transfer in irrd

IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-for ...

Continue Reading
CVE-2021-4191

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumerat ...

Continue Reading
CVE-2022-29353

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename.Read More ...

Continue Reading

Back to Main

Subscribe for the latest news: