GHSA-3QPV-XF3V-MM45

creationtimestamp| type| source ---|---|--- 2026-04-23 23:27:16+00:00| seen| Telegram/IhrbuMncMOQ2aXKn55DBnsRKZnrdzyQXI4i7tcZ3JysOVtE...

GHSA-F228-CHMX-V6J6

creationtimestamp| type| source ---|---|--- 2026-04-23 21:26:14+00:00| published-proof-of-concept| Telegram/LhBAsLXZuywUMfmIXbSwPnWzjb6RJaoGfmWe6gs8QchtB8o...

DNS Rebinding

Overview copilot-api is a Turn GitHub Copilot into OpenAI/Anthropic API compatible server. Usable with Claude Code! Affected versions of this package are vulnerable to DNS Rebinding in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header...

GHSA-CCCX-M78H-M3XW vulnerabilities

Vulnerabilities for packages: python...

GHSA-39Q2-94RC-95CP vulnerabilities

Vulnerabilities for packages: langfuse, opensearch-dashboards...

CVE-2026-41432

creationtimestamp| type| source ---|---|--- 2026-04-22 14:14:22+00:00| published-proof-of-concept| https://github.com/QuantumNous/new-api/security/advisories/GHSA-xff3-5c9p-2mr4...

CVE-2026-44015

creationtimestamp| type| source ---|---|--- 2026-04-22 11:15:44+00:00| published-proof-of-concept| https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-wr32-99hh-6f35...

GHSA-R8FQ-WRFM-CJ2Q

creationtimestamp| type| source ---|---|--- 2026-04-21 21:26:51+00:00| seen| Telegram/FmTSSVQ1J3rSbvAltEePP9EbJsBmWNaUcXM1uvMHIpeiAtQ...

GHSA-Q2QH-V828-R4P7

creationtimestamp| type| source ---|---|--- 2026-04-21 21:26:25+00:00| seen| Telegram/zADwex3kLz9IaLHwxMwQfRAPY0yfg2SR1HrZ5uE72Qmc...

GHSA-J662-9WCJ-MF36

creationtimestamp| type| source ---|---|--- 2026-04-21 21:26:08+00:00| published-proof-of-concept| Telegram/Sh-VDLwDsigv2TtmIHQb5bM9xL-0-hntwqefkM3TigDwq8o...

UNIX Symbolic Link (Symlink) Following

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink...

Command Injection

Overview flowsint is an Add your description here Affected versions of this package are vulnerable to Command Injection via the orgtoasn transform process. An attacker can execute arbitrary operating system commands as root on the host machine by supplying shell metacharacters and escaping the...

CVE-2026-42180

creationtimestamp| type| source ---|---|--- 2026-04-20 14:11:48+00:00| published-proof-of-concept| https://api.github.com/repos/LemmyNet/lemmy/security-advisories/GHSA-3jvj-v6w2-h948...

GHSA-44VF-4X73-JV4X vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-3M3G-56CX-59Q7 vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-X449-4QCH-5WJQ vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-6XWP-952X-4VGF vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-JVCH-X2XH-P75V vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-24V7-W2X9-2CXH vulnerabilities

Vulnerabilities for packages: chromium...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in several API endpoints that lack proper authentication checks. An attacker can access sensitive data, perform state-changing operations, and obtain internal configuration details by sending...