GHSA-W34W-FVP3-68XM

creationtimestamp| type| source ---|---|--- 2025-04-01 16:32:25+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9944...

GHSA-6PHG-4WMQ-H5H3

creationtimestamp| type| source ---|---|--- 2025-03-26 16:25:15+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8883...

GHSA-RPF7-G4XH-84V9

creationtimestamp| type| source ---|---|--- 2025-03-25 20:24:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8767...

GHSA-QR4Q-6H3M-H3G7

creationtimestamp| type| source ---|---|--- 2025-03-11 13:39:45+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7130...

GHSA-PWHH-Q4H6-W599

creationtimestamp| type| source ---|---|--- 2025-02-27 15:30:14+00:00| published-proof-of-concept| Telegram/18aGabcqT47rhbAtmBCfjbslvF7WShvEcg6GVkQNwRNaIHA...

GHSA-VFXC-QG3V-J2R5

creationtimestamp| type| source ---|---|--- 2025-02-25 18:22:35+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5342...

CVE-2025-25204

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

CVE-2022-21671

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

CVE-2020-15134

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

GHSA-8C3X-HQ82-GJCM

creationtimestamp| type| source ---|---|--- 2025-01-24 20:04:51+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/3008...

GHSA-X99J-R8VV-GWWJ

creationtimestamp| type| source ---|---|--- 2025-01-24 17:05:04+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2948...

GHSA-FF6Q-3C9C-6CF5

creationtimestamp| type| source ---|---|--- 2025-01-14 23:09:10+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/1633...

GO-2025-3371 WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover in github.com/h44z/wg-portal

WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

GHSA-X629-5XFF-W7QG

creationtimestamp| type| source ---|---|--- 2025-01-06 15:38:11+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/172...

GHSA-PVVW-QRF9-XPMC

creationtimestamp| type| source ---|---|--- 2025-01-06 06:40:22+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/153...

GHSA-FQ22-566F-CFHJ

creationtimestamp| type| source ---|---|--- 2025-01-05 03:35:57+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/117...

LimeSurvey < 6.5.12 XSS Vulnerability

LimeSurvey is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

GHSA-4CX5-89VM-833X

creationtimestamp| type| source ---|---|--- 2024-11-30 06:58:11+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/9255...

Discourse < 3.3.1, 3.4.x < 3.4.0.beta1 DoS Vulnerability

Discourse is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 CVSS score: 9.8, has been addressed in version 0.1.38. The project maintainers...