CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVE-2025-57802

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory /app/data. Because the container bind-mounts an...

CVE-2025-31479 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...

CVE-2024-24757 open-irs .env Exposure

open-irs is an issue response robot that reponds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets...