CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 5 days ago•16 views

CVE-2026-12726 Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential

6.3CVSS0.00204EPSS

CVE•added 5 days ago•21 views

CVE-2026-12726

AWX/AUTOMATION-CONTROLLER GitHub webhook integration vulnerability (CVE-2026-12726): processing of GitHub pull_request webhooks stores statuses_url from the payload without validating it points to a trusted GitHub API endpoint. If a job template uses a GitHub Personal Access Token as the webhook ...

6.3CVSS5.8AI score0.00204EPSS

Positive Technologies•added 5 days ago•9 views

PT-2026-51010

Name of the Vulnerable Software and Affected Versions AWX affected versions not specified Description A flaw exists in the GitHub webhook integration where the controller stores the pull request.statuses url value from a pull request webhook payload without validating if it points to a trusted...

6.3CVSS5.9AI score0.00204EPSS

Exploits0References5

CVE•added 2026/06/09 9:33 a.m.•23 views

CVE-2026-52902

CVE-2026-52902 affects awxkit (AWX CLI). The YAML !include directive permits path traversal, enabling an attacker to craft a YAML file that reads arbitrary local YAML files when a user imports it via awx --conf.format yaml import. This is a client-side vulnerability requiring user interaction. Mi...

4.7CVSS5.5AI score0.00121EPSS

Chainguard•added 2026/05/10 1:17 a.m.•7 views

GHSA-MV93-W799-CJ2W vulnerabilities

Vulnerabilities for packages: mlflow, nemo, jupyter-all-spark-notebook, mlflow-fips, datahub-ingestion-fips, opal, awx...

Chainguard•added 2026/04/07 7:17 p.m.•3 views

GHSA-9F5J-8JWJ-X28G vulnerabilities

Vulnerabilities for packages: awx, airflow...

Chainguard•added 2026/04/07 7:17 p.m.•4 views

CVE-2026-33936 vulnerabilities

Vulnerabilities for packages: awx, airflow...

5.3CVSS5.8AI score0.00476EPSS

Exploits1

Chainguard•added 2026/03/20 7:25 p.m.•5 views

CVE-2026-33154 vulnerabilities

Vulnerabilities for packages: awx...

8.1CVSS5.8AI score0.00526EPSS

Exploits1

Chainguard•added 2026/03/20 7:25 p.m.•5 views

GHSA-PXRR-HQ57-Q35P vulnerabilities

Vulnerabilities for packages: awx...

Chainguard•added 2026/03/12 7:17 p.m.•6 views

CVE-2025-69534 vulnerabilities

Vulnerabilities for packages: awx, superset...

7.5CVSS7.3AI score0.00465EPSS

Exploits1

Chainguard•added 2026/03/12 7:17 p.m.•3 views

GHSA-5WMX-573V-2QWQ vulnerabilities

Vulnerabilities for packages: awx, superset...

Chainguard•added 2026/01/07 7:17 p.m.•3 views

GHSA-JJ3X-WXRX-4X23 vulnerabilities

Vulnerabilities for packages: dask-kubernetes, checkov, kserve, open-webui, py3-cassandra-medusa, py3-vllm-cuda-12.4, kubeflow-pipelines-visualization-server, airflow, gitlab-cng, awx, request-1276, authentik, apache-beam-python-3.11-sdk...

Chainguard•added 2026/01/07 7:17 p.m.•7 views

GHSA-G84X-MCQJ-X9QQ vulnerabilities

Chainguard•added 2026/01/07 7:17 p.m.•21 views

CVE-2025-69229 vulnerabilities

8.7CVSS7.1AI score0.00338EPSS