GO-2026-4505 Libredesk has a SSRF Vulnerability in Webhooks in github.com/abhinavxd/libredesk

Libredesk has a SSRF Vulnerability in Webhooks in github.com/abhinavxd/libredesk...

Git Argument Injection via Reference Field in GitHubRepository Block

This report is not public...

GO-2026-4444 OpenCloud Reva has a Public Link Exploit in github.com/opencloud-eu/reva

OpenCloud Reva has a Public Link Exploit in github.com/opencloud-eu/reva...

CVE-2024-12724

creationtimestamp| type| source ---|---|--- 2026-02-06 16:21:41+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-12724.yaml...

GO-2026-4395 terraform-provider-proxmox has insecure sudo recommendation in the documentation in github.com/bpg/terraform-provider-proxmox

terraform-provider-proxmox has insecure sudo recommendation in the documentation in github.com/bpg/terraform-provider-proxmox...

PT-2026-6530

EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...

GO-2026-4348 Client DoS via malformed server response in github.com/theupdateframework/go-tuf

Client DoS via malformed server response in github.com/theupdateframework/go-tuf...

CLEANSTART-2026-YS66739 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3

Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3. See references for individual vulnerability details...

CVE-2026-24910

In Bun before 1.3.5, the default trusted dependencies list aka trust allow list can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...

GO-2026-4297 Mattermost Server has intermittent Authorization bypass for resource-owners in github.com/mattermost/mattermost-server

Mattermost Server has intermittent Authorization bypass for resource-owners in github.com/mattermost/mattermost-server...

CVE-2023-31584

GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting XSS vulnerability via the User Input field...

CVE-2023-4879

Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git...

CVE-2022-31548

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31513

The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31568

The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31586

The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31551

The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31587

The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31578

The piaoyunsoft/btlnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31516

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...