Public Disclosure
Responsible disclosure of 0-day vulnerabilities is one way we show our gratitude to all the beautiful ❤️ open-source projects.
| Title | Author(s) | CVE | Date |
|---|---|---|---|
| Snapshot.org - Proposal Space Confusion | tintinweb | - | 2021 |
| Python - MIME Splitting | tintinweb | - | 2021 |
| Python - smtplib Multiple Crlf Injection | tintinweb | - | 2021 |
| PHP - IMAP MIME Splitting and Crlf Injection | tintinweb | - | 2021 |
| Remix Ethereum IDE - Drive-By and Remixd Path Traversal and Rce | tintinweb | - | 2021 |
| Nim - Insecure SSL/TLS Defaults, MitM, and nimble shell command injection | tintinweb | CVE-2021-21374 CVE-2021-21373 CVE-2021-21372 | 2021 |
| Nim - stdlib asyncftpd - Crlf Injection | tintinweb | CVE-2020-15690 | 2021 |
| Ethereum 2.0 - Teku - DoS via Gossipsub | tintinweb | - | 2020 |
| Ethereum 1.0 - Trinity - Neighbour of Death remote DoS via DiscV4 | tintinweb | - | 2020 |
| Nim - stdlib Browsers - `open` Argument Injection | tintinweb | CVE-2020-15692 | 2020 |
| Nim - stdlib Httpclient - Header Crlf Injection & Server Response Validation | tintinweb | CVE-2020-15693 CVE-2020-15694 | 2020 |
| Nim - stdlib smtp - multiple crlf injections | tintinweb | CVE-2020-15691 | 2020 |