MAL-2026-3701 Malicious code in api-request-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

MAL-2026-3700 Malicious code in alembic-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e9b764ee0ccd6a2c6c2db1b7722f083ee9f643cb99d03821d5e6571f68db253 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

CVE-2026-44990

creationtimestamp| type| source ---|---|--- 2026-05-13 19:28:52+00:00| published-proof-of-concept| https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643...

GHSA-8V8J-3HXP-93WR vulnerabilities

Vulnerabilities for packages: apache-nifi-registry, camunda-zeebe...

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

Malicious Package

Overview github.com/BufferZoneCorp/go-weather-sdk is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a...

Malicious Package

Overview github.com/BufferZoneCorp/go-retryablehttp is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a...

Malicious Package

Overview github.com/BufferZoneCorp/log-core is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluster of...

Malicious Package

Overview github.com/BufferZoneCorp/go-metrics-sdk is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a...

Malicious Package

Overview github.com/BufferZoneCorp/go-stdlib-ext is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a clust...

Malicious Package

Overview github.com/BufferZoneCorp/go-stdlog is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluster o...

Malicious Package

Overview github.com/BufferZoneCorp/net-helper is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluster ...

Malicious Package

Overview github.com/BufferZoneCorp/grpc-client is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluster...

Malicious Package

Overview github.com/BufferZoneCorp/go-envconfig is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluste...

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

CVE-2026-45033

GitHub Copilot CLI (affected component: Git operations in Copilot CLI) contains a local privilege/command execution flaw exposed when a malicious bare git repository is nested within a project directory. The issue arises from git auto-discovery of bare repositories during directory traversal, all...

neo-pocs

neo-pocs Containerized proof-of-concept packages for reviewed...

CVE-2026-45803

creationtimestamp| type| source ---|---|--- 2026-05-13 15:20:46+00:00| published-proof-of-concept| https://github.com/cli/cli/security/advisories/GHSA-crc3-h8v6-qh57...

CVE-2026-44970

creationtimestamp| type| source ---|---|--- 2026-05-13 15:01:46+00:00| published-proof-of-concept| https://github.com/dbt-labs/dbt-mcp/security/advisories/GHSA-jj54-r8gm-2fcf...

CVE-2026-44969

creationtimestamp| type| source ---|---|--- 2026-05-13 15:01:34+00:00| published-proof-of-concept| https://github.com/dbt-labs/dbt-mcp/security/advisories/GHSA-7xgw-6qf3-7w59...