VYPR
Vendor: Octokit

Products: 9
CVEs: 7
Across products: 7
Status: Private

Recent CVEs (7)

  • CVE-2025-25290 | Med | Feb 14, 2025
    risk 0.28 | cvss 5.3 | epss 0.01

    @octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression `/<([^>]+)>; rel="deprecation"/` used to match the `link` header in HTTP…

  • CVE-2025-25289 | Med | Feb 14, 2025
    risk 0.27 | cvss 5.3 | epss 0.01

    @octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing…

  • CVE-2025-25288 | Med | Feb 14, 2025
    risk 0.27 | cvss 5.3 | epss 0.01

    @octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package `@octokit/plugin-paginate-rest`, when calling `octokit.paginate.iterator()`, a specially crafted `octokit`…

  • CVE-2025-25285 | Med | Feb 14, 2025
    risk 0.27 | cvss 5.3 | epss 0.01

    @octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific `options` parameters, the `endpoint.parse(options)` call can be triggered, leading to a regular expression denial-of-service…

  • CVE-2023-50728 | Dec 15, 2023
    risk 0.00 | cvss | epss 0.01

    octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The…

  • CVE-2022-31071 | Jun 15, 2022
    risk 0.00 | cvss | epss 0.00

    Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `-rw-r--r--` (i.e. 0644). This…

  • CVE-2022-31072 | Jun 15, 2022
    risk 0.00 | cvss | epss 0.00

    Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `-rw-r--r--` (i.e. 0644).…