VYPR

Trufflehog

by Trufflesecurity

Source repositories

CVEs (2)

  • CVE-2025-41390HigOct 20, 2025
    risk 0.51cvss 7.8epss 0.00

    An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability.

  • CVE-2024-43379Aug 19, 2024
    risk 0.00cvss epss 0.00

    TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. For an exploit…