29362 matches found
CVE-2026-46476
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-14 14:17:36+00:00 | published-proof-of-concept | https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-728h-4mwj-f2p4... |
GHSA-Q58J-G3F4-H26H CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
Summary: The GitHub Actions workflow `.github/workflows/static.yml` uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head ref: `${{ github.event.pull_request.head.ref }}`. Subsequently, it executes a script `bin/console` from this untrusted checkout. Thi...
CVE-2026-45799
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-14 11:34:06+00:00 | published-proof-of-concept | https://github.com/square/wire/security/advisories/GHSA-7xpr-hc2w-34m9... |
CVE-2026-46430
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-14 09:10:41+00:00 | published-proof-of-concept | https://github.com/xyproto/algernon/security/advisories/GHSA-gj84-924c-48fx... |
CVE-2026-46426
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-14 08:35:54+00:00 | published-proof-of-concept | https://github.com/Budibase/budibase/security/advisories/GHSA-82rc-gxrg-v4gf |
| 2026-05-27 19:19:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmu7ynnjzd2q... |
CVE-2026-45709
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-14 04:53:50+00:00 | published-proof-of-concept | https://github.com/axllent/mailpit/security/advisories/GHSA-j3fj-qppj-fmmc... |
CVE-2026-45793
GitHub Actions issued `GITHUB_TOKEN` disclosure in GitHub Actions logs...
CVE-2026-45139
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-14 01:57:46+00:00 | published-proof-of-concept | https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-245j-xjvr-xvm5... |
GHSA-V9JR-RG53-9PGP vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-66FF-XGX4-VCHM vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard, vitess, renovate, pulumi...
GHSA-V974-2CJF-22Q5 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws...
PT-2026-41129
Summary A command injection vulnerability was identified in shivammathur/setup-php when the action resolves the PHP version from repository-controlled files and uses that value while generating the platform setup script. In affected versions, setup-php may read the PHP version from: - .php-versio...
CVE-2026-46378
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 20:50:17+00:00 | published-proof-of-concept | https://github.com/TomWright/dasel/security/advisories/GHSA-m6xr-fvfg-5g64... |
CVE-2026-46377
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 20:39:40+00:00 | published-proof-of-concept | https://github.com/TomWright/dasel/security/advisories/GHSA-m5j3-4634-c2vq... |
MAL-2026-3702 Malicious code in async-http-tools (PyPI)
Source: kam193 85e8a68bad6595a817f1dabed757662e2a04cfec7b45a86d9bfd61a7a78d14d1 During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
Malicious code in web3-helpers (PyPI)
Source: kam193 8d6102ae402b2583a01da47e71f41cccba99fb7826dcf360004d8924557e1760 During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
Malicious code in math-array-tools (PyPI)
Source: kam193 1b6411ce9c35210436bef6dadb284e5d89ec85c2cc17f970509aa4b5f30c2440 During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
MAL-2026-3704 Malicious code in graddio (PyPI)
Source: kam193 cf6bbc8eaafef42ed4e5740b1ff94df7749de4241d44846467b438db586399ba During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
Malicious code in graddio (PyPI)
Source: kam193 cf6bbc8eaafef42ed4e5740b1ff94df7749de4241d44846467b438db586399ba During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
MAL-2026-3701 Malicious code in api-request-helpers (PyPI)
Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...