Sim4n6/README.md

CVEs & Security Advisories


2026 (1)

| # | CVE | Severity | Target | Description |
|---|-----|----------|--------|-------------|
| 35 | CVE-2026-1388 | High | GitLab CE/EE | Regular Expression Denial of Service issue in GitLab merge requests - GitLab Patch Release |

2025 (8)

| # | CVE | Severity | Target | Description |
|---|-----|----------|--------|-------------|
| 37 | CVE-2025-12576 | Medium | GitLab CE/EE | Denial of Service issue in webhook endpoint - GitLab Patch Release |
| 36 | CVE-2025-13690 | Medium | GitLab CE/EE | Denial of Service issue in webhook custom headers - GitLab Patch Release |
| 34 | CVE-2025-13335 | Medium | GitLab CE/EE | Crafted wiki file may lead to endless server-side redirections - Bleeping Computer |
| 33 | CVE-2025-0673 | High | GitLab CE/EE | An attacker can trigger an infinite redirect loop, leading to a denial of service condition - Patch Release |
| 32 | GHSA-6p2v-wcv8-8j6w | Critical | Caido Plugin | Arbitrary File Read by Copy as a Curl command in Caido Plugin Exploit Generator - advisory |
| 31 | CVE-2025-0549 | Medium | GitLab | Partial Bypass for Device OAuth flow using Cross Window Forgery |
| 30 | CVE-2025-31116 | Medium | MobSF | SSRF on assetlinks_check with DNS Rebinding |

2024 (15)

| # | CVE | Severity | Target | Description |
|---|-----|----------|--------|-------------|
| 29 | Hall of Fame | Medium | DEV.to | Denial of Service Due to Inefficient Processing of Unicode Input |
| 28 | CVE-2024-13054 | Medium | GitLab EE | Denial of Service Due to Inefficient Processing of Untrusted Input |
| 27 | CVE-2024-12379 | Medium | GitLab EE | Denial of Service due to Unbounded Object Creation via the scopes parameter in a Personal Access Token |
| 26 | CVE-2024-47830 | Critical | Plane | Server side request forgery via /_next/image endpoint |
| 25 | CVE-2024-8124 | High | GitLab | Denial of Service via sending a large glm_source parameter |
| 24 | CVE-2024-45412 | Medium | Yeti Platform | Potential Denial of Service due to the One Million Unicode Characters attack |
| 23 | CVE-2024-35231 | High | Rack::Contrib | Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter |
| 22 | CVE-2024-1211 | Medium | GitLab | Require confirmation before linking JWT identity - GitLab Blog |
| 21 | GHSA-9gw7-hxgx-f6rv | Medium | FAME (Cert SG) | Malicious Long Unicode filenames may cause an Application-level Denial of Service |
| 20 | CVE-2024-32874 | Medium | Frigate | Malicious Long Unicode filenames may cause Multiple Application-level Denial of Service |
| 19 | CVE-2024-0081 | High | NVIDIA NeMo | Unicode use in a user-controlled filename may cause a server-side DoS - Nvidia Acknowledgement |
| 18 | CVE-2024-24759 | Critical | MindsDB | Bypass SSRF Protection with DNS Rebinding |
| 17 | CVE-2024-23826 | Medium | SPbU SE Site | Uploading an image with a specific filename causes a server-side DoS |
| 16 | CVE-2024-23343 | Medium | | |
| 15 | CVE-2024-21623 | Critical | OTClient | Arbitrary Expression Injection in GitHub workflow leads to Command execution & leaking secrets |

2023 (10)

| # | CVE | Severity | Target | Description |
|---|-----|----------|--------|-------------|
| 14 | CVE-2023-52081 | Low | ffcss | Late-Unicode normalization vulnerability |
| 13 | CVE-2023-41889 | Medium | Shirasagi | Late-Unicode normalization vulnerability |
| 12 | CVE-2023-42183 | Low | LOCKSS | A Post-Unicode Normalization Vulnerability |
| 11 | CVE-2023-39911 | Medium | | |
| 10 | GHSA-373w-rj84-pv6x | Low | safeurl-python | Hostname blocklist does not block FQDNs - advisory |
| 9 | CVE-2023-35932 | High | jcvi | Configuration Injection due to unsanitized user input - advisory |
| 8 | CVE-2023-31131 | Medium | Greenplum DB | Arbitrary File Write when Extracting Tarballs using shutil.unpack_archive() |
| 7 | CVE-2023-30620 | High | MindsDB | Arbitrary File Write when Extracting a Remotely retrieved Tarball using Tarfile.extractall() |
| 6 | CVE-2022-23522 | High | MindsDB | Arbitrary File Write when Extracting Tarballs using shutil.unpack_archive() |
| 5 | CVE-2023-25803 / CVE-2023-25802 | High | Roxy-WI | Directory Traversal vulnerability |
| 4 | CVE-2023-25804 | Medium | Roxy-WI | Limited Path Traversal in name parameter |

2022 (3)

| # | CVE | Severity | Target | Description |
|---|-----|----------|--------|-------------|
| 3 | CVE-2022-23530 | Low | GuardDog (DataDog) | GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package - advisory |
| 2 | CVE-2022-3607 | Medium | OctoPrint | ZipSlip Symlink variant allows to read any file within OctoPrint Box |
| 1 | CVE-2022-1993 | High | Gogs | Path Traversal vulnerability on the endpoint '/info/refs' - advisory |

In Sum

Security Researcher focused on vulnerability discovery through responsible disclosure and bug bounty programs.

Specializing in Path Traversal, SSRF, Denial of Service (Unicode/ReDoS), Arbitrary File Write, and CI/CD Security.
