How to Compare the Security of Code Written by Humans to LLM-Generated Code

Large language models LLMs are rapidly transforming how software is created and maintained. Comparing LLM-generated code against human-written standards is essential to determine whether these new tools uphold or erode the security baselines established by professional developers. Yet, we lack a...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contained security vulnerabilities. These vulnerabilities stemmed from SSRF policy bypasses in browser debugging and route exports, allowing for the reuse of already opened...

QuickCMS 授权问题漏洞

QuickCMS is an open-source content management system developed by QuickCMS. There are authorization-related vulnerabilities in QuickCMS. These vulnerabilities stem from the ability to set user session identifiers before authentication, and these session IDs remain unchanged after authentication...

a2a-sigstore (=0.4.0), aiogithubapi (>=23.9.0 <=23.11.0) +68 more potentially affected by unknown CVE via tuf (>=1.0.0 <=6.0.0)

tuf PYPI version =1.0.0, =23.9.0, =0.2.0, =0.14.0, =0.0.1, =0.1.0, =0.1.9, =0.1.9, =0.1.9, =0.1.20 - floe-catalog-glue =0.1.0a1 - floe-catalog-polaris =0.1.0a1 - floe-compute-duckdb =0.1.0a1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QP9X-WP8F-QGJJ...

PYSEC-0000-CVE-2026-45078

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

PYSEC-2026-191

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

CVE-2026-45348

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

MAL-2026-4839 Malicious code in hellowornd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e9b9637d126bc60120f015b0af88898fae5cf613a015fd572ab74d2554e6d7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in justsaying-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e1728e1b0cb2ea174743b9e437b707c768bb8979ba6299fedabfd49ea8a7d8e2 The OpenSSF Package Analysis project identified 'justsaying-docs' @ 2.4.4 npm as malicious. It is considered malicious because: - The package...

CVE-2026-8915

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...

CVE-2026-8915

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...

CVE-2026-8915

Technical details about CVE-2026-8915 are not publicly available in the provided documents. Monitor for updates from Samsung Escargot advisories and NVD entries for affected versions, impact, and remediation.

PT-2026-44127

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...

ExAws.SNS 安全漏洞

ExAws.SNS is an open-source AWS SNS message push service module developed by ex-aws. Versions of ExAws.SNS from 2.0.1 to 2.3.5 contained security vulnerabilities. These vulnerabilities were caused by improper certificate verification, which could lead to signature forgery...

EspoCRM 安全漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM prior to 9.3.5 contained security vulnerabilities. These vulnerabilities were caused by business...

CTI-Transmute 安全漏洞

CTI-Transmute is an open-source network threat intelligence format conversion service developed by the MISP Project. CTI-Transmute has a security vulnerability. This vulnerability stems from the fact that the notification messages in the notification panel contain transition names that are...

vLLM 安全漏洞

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Version vLLM 0.14.1 contains a security vulnerability caused by the hardcoding of the trustremotecode=True parameter, which may lead to remote code execution...

flowintel 安全漏洞

Flowintel is an open-source security analyst case and task management platform developed by flowintel. Versions of FlowIntel 3.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the external reference URL detection function in the app/case/task.py file, which has a...

CryptX 安全漏洞

CryptX is a open-source cryptographic toolkit developed by DCIT, based on various encryption algorithms. Versions of CryptX prior to 0.088001 contained security vulnerabilities. These vulnerabilities stemmed from stack buffer overflows in four AEAD decryption validation functions, which could all...