5 matches found

Cvelist
added 2026/05/26 11:59 p.m. | 27 views

CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

CVSS: 7 | EPSS: 0.00058
Exploits: 0 | References: 6
CVE
added 2026/05/26 11:59 p.m. | 11 views

CVE-2026-8606

A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...

CVSS: 7 | AI score: 5.8 | EPSS: 0.00058
Exploits: 0 | References: 6 | Affected Software: 1
ATTACKERKB
added 2026/05/26 1:30 a.m. | 5 views

CVE-2026-9520

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

CVSS: 5.3 | AI score: 4.2 | EPSS: 0.00033
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/03/19 11:58 p.m. | 1 view

MAL-2025-2544 Malicious code in github.com/belatedplanet/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ae6bd303b29130f3970f2f526b9c704e4fa0905fa4b3e015542213f4aaf5f701 Malicious typosquatting Go packages targeting Linux and macOS systems used as a loader to download and run another malicious payload...

AI score: 6.9
Exploits: 0 | References: 1
GitHub Security Blog
added 2021/07/26 9:19 p.m. | 68 views

Improper Restriction of Excessive Authentication Attempts in Argo API

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. Specific Go Packages Affected...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00403
Exploits: 1 | References: 9 | Affected Software: 1