69 matches found

ATTACKERKB
added 2026/05/27 7:23 p.m. | 5 views

CVE-2026-44590

Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validatemodifiedtargets.yml is vulnerable to command injection via the pull_request_target trigger. Any GitHub user can execute arbitrary commands on the CI runner and exfiltra...

CVSS 9.3 | AI score 6.1 | EPSS 0.01375
Exploits 1 | References 2 | Affected Software 1
Github Security Blog
added 2026/05/14 1:18 p.m. | 6 views

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary: The GitHub Actions workflow .github/workflows/static.yml uses the pull_request_target trigger but dangerously checks out the unverified code from the pull request head ref: ${{ github.event.pull_request.head.ref }}. Subsequently, it executes a script bin/console from this untrusted checkout. Thi...

AI score 6.1
Exploits 0 | References 2 | Affected Software 1
SUSE CVE
added 2026/04/28 1:34 a.m. | 4 views

SUSE CVE-2026-41414

Skim is a fuzzy finder designed to search through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and a GITHUB_TOKEN with contents:write. No gates prevent exploitation - any...

CVSS 7.4 | AI score 5.4 | EPSS 0.00032
Exploits 1 | References 3
Vulnrichment
added 2026/04/14 3:00 a.m. | 1 view

CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

CVSS 9.8 | AI score 6.4 | EPSS 0.00141
Exploits 1 | References 1
RedhatCVE
added 2026/03/26 2:59 p.m. | 1 view

CVE-2026-31852

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vulnerability enables...

CVSS 10 | AI score 6.5 | EPSS 0.00124
Exploits 0 | References 1
Github Security Blog
added 2026/03/20 9:47 p.m. | 4 views

Zen-AI-Pentest has Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow

Summary: The ZenClaw Discord Integration GitHub Actions workflow is vulnerable to shell command injection. The issue title field, controllable by any GitHub user, is interpolated directly into a run shell block via a GitHub Actions template expression. An attacker can craft an issue title containi...

AI score 6.1
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/03/11 5:04 p.m. | 24 views

CVE-2026-31852 Jellyfin Possible Organization/Secret Compromise from dangerous CI implementation

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vulnerability enables...

CVSS 10 | EPSS 0.00124
Exploits 0 | References 2
CVE
added 2026/03/11 5:04 p.m. | 16 views

CVE-2026-31852

CVE-2026-31852 affects the Jellyfin project, specifically the GitHub Actions workflow in jellyfin/jellyfin-ios (code-quality.yml). The root cause is an elevated-permissions workflow that accepts pull requests from forked repositories, enabling arbitrary code execution and full takeover of the jel...

CVSS 10 | AI score 6.3 | EPSS 0.00124
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/03/11 5:04 p.m. | 1 view

CVE-2026-31852 Jellyfin Possible Organization/Secret Compromise from dangerous CI implementation

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vulnerability enables...

CVSS 10 | AI score 6.3 | EPSS 0.00124
Exploits 0 | References 2
vulnersOsv
added 2026/02/25 10:05 p.m. | 2 views

@0xlimao/n8n-nodes-ethereum (=0.1.1), @adhiraj2486/n8n-nodes-vigorus (=1.0.8) +699 more potentially affected by CVE-2025-68613 +1 more via n8n-workflow (>=1.0.0 <=1.120.8)

n8n-workflow NPM version =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.5.2, =1.0.1, =1.0.0, =0.1.1, =0.1.4 - @arwinho/n8n-nodes-oxxa =0.1.0 - @avisaapp/n8n-nodes-avisaapp =0.1.0 - @bergetai/n8n-nodes-all =1.1.0 and more Source cves: CVE-2025-68613, CVE-2026-27577 Source advisory:...

CVSS 9.9 | AI score 7.1 | EPSS 0.65759
Exploits 27
vulnersOsv
added 2026/02/25 10:05 p.m. | 1 view

@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @a700/n8n-nodes-agent700 (>=1.0.5 <=1.0.7) +261 more potentially affected by CVE-2025-68613 +1 more via n8n-workflow (>=2.0.0 <=2.9.0)

n8n-workflow NPM version =2.0.0, =1.0.0, =1.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.2.2, =0.3.6, =0.1.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2025-68613, CVE-2026-27577 Source advisory: SNYK:JS-N8NWORKFLOW-15357609...

CVSS 9.9 | AI score 7.1 | EPSS 0.65759
Exploits 27
CVE
added 2026/02/25 3:06 p.m. | 6 views

CVE-2026-27701

LiveCode vulnerability CVE-2026-27701 affects the i18n-update-pull GitHub Actions workflow. Before commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, the PR title is interpolated into a GitHub Script block, allowing an attacker who opens a PR with a crafted title to inject JavaScript that runs with...

CVSS 8.8 | AI score 5.8 | EPSS 0.0007
Exploits 0 | References 2
Vulnrichment
added 2026/02/16 5:02 a.m. | 1 view

CVE-2026-2536 opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. Manipulation of the argument File causes an XML external entity reference. The attack may be...

CVSS 6.5 | AI score 5.3 | EPSS 0.00031
Exploits 0 | References 6
CNNVD
added 2026/02/10 12:00 a.m. | 2 views

SAP Business Workflow Security Vulnerability

SAP Business Workflow is a key component of SAP, a German company, used for executing business processes. It allows users to design, implement, and manage business processes, ensuring compliance with regulations and reducing the need for manual operations through automation. There is a security...

CVSS 5.2 | AI score 5.8 | EPSS 0.00027
Exploits 0 | References 3
vulnersOsv
added 2026/02/04 8:33 p.m. | 2 views

@kimio/n8n-nodes-litellm (>=1.0.2 <=1.0.3), @klardaten/n8n-nodes-datevconnect (>=1.0.1 <=1.0.2) +29 more potentially affected by CVE-2026-25631 via n8n-workflow (>=1.0.0 <=1.117.1)

n8n-workflow NPM version =1.0.0, =1.0.2, =1.0.1, =0.13.0, =0.37.0, =0.6.0, =0.14.0, =1.7.0, =1.6.0, =1.10.0, =1.39.0, =1.1.7, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-25631 Source advisory: SNYK:JS-N8NWORKFLOW-15225355...

CVSS 6.5 | AI score 6 | EPSS 0.00023
Exploits 0
OSV
added 2026/01/30 10:15 a.m. | 3 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

CVSS 8.8 | AI score 6.2
Exploits 0 | References 1
RedhatCVE
added 2026/01/27 4:59 a.m. | 4 views

CVE-2026-24480

A flaw was found in the QGIS GitHub Actions workflow. This vulnerability allowed a remote attacker to achieve remote code execution and compromise the repository. The flaw occurred because the workflow used the pull_request_target trigger, which runs with the base repository's credentials, and then...

CVSS 9.9 | AI score 6.5 | EPSS 0.00541
Exploits 0 | References 5
ATTACKERKB
added 2026/01/23 3:28 a.m. | 3 views

CVE-2026-0771

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

CVSS 7.1 | AI score 6.4 | EPSS 0.00239
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2026/01/23 3:28 a.m. | 24 views

CVE-2026-0771 Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

CVSS 7.1 | EPSS 0.00239
Exploits 1 | References 1
Github Security Blog
added 2026/01/21 10:00 p.m. | 8 views

Argo Workflows affected by stored XSS in the artifact directory listing

Summary: Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user's browser under the Argo Server origin, enabling API actions with the victim's privileges. Details: The directory listing response in server/artifacts/artifactserver.go...

CVSS 7.3 | AI score 5.8 | EPSS 0.00058
Exploits 1 | References 7 | Affected Software 2