CVE-2026-27941

OpenLIT prior to v1.37.1 used GitHub Actions workflows that employed pull_request_target to check out and run untrusted code from forks. This created a risk where workflows executed with the security context of the base repository, including a write-privileged GITHUB_TOKEN and sensitive secrets (...

CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

PT-2026-22081

Name of the Vulnerable Software and Affected Versions OpenLIT versions prior to 1.37.1 Description OpenLIT, an open source AI engineering platform, has an issue in GitHub Actions workflows prior to version 1.37.1. These workflows use the pull request target event and execute untrusted code from...

EUVD-2025-28133

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-47928

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pullrequesttarget on .github/workflows/integrationtests.yml followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...