CVE-2026-46339

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 13:15:48+00:00 | published-proof-of-concept | https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj... |

Generation of Error Message Containing Sensitive Information
Overview: composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information...
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
More info at https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2...
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
Summary: Composer leaks the full contents of tokens configured as GitHub OAuth tokens if they do not match Composer's expected format for such tokens to stderr. GitHub has introduced a new format for GitHub Actions GITHUB_TOKEN values. These tokens are validated in the same way by Composer on GitHu...
GHSA-C4J6-FC7J-M34R

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 06:02:34+00:00 | seen | https://t.me/GithubRedTeam/84034 |
| 2026-05-13 09:00:04+00:00 | seen | Telegram/6gD9pQtVCgeRlU-Eqvw6JM83wq5C4Rc0rf2uF-yzttPU |
| 2026-05-15 00:16:17+00:00 | seen | https://gist.github.com/hahwul/e82a1e91f75872e43287743d4a15d035... |

GHSA-GX5P-JG67-6X7H vulnerabilities
Vulnerabilities for packages: keep...
CVE-2026-44246
The CVE concerns nnU-Net (MIC-DKFZ/nnUNet) before version 2.4.1. The issue lies in the nnU-Net Issue Triage workflow at .github/workflows/issue-triage.yml, which sets allowed_non_write_users: ${{ github.event.issue.user.login }}. This allows any logged-in GitHub user opening an issue to reach an ...
EUVD-2026-29841
nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed_non_write_users: $...
CVE-2026-46395

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-12 20:26:15+00:00 | published-proof-of-concept | https://github.com/haxtheweb/issues/security/advisories/GHSA-6c8g-9hfh-pq5h... |

CVE-2026-46396

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-12 20:26:06+00:00 | published-proof-of-concept | https://github.com/haxtheweb/issues/security/advisories/GHSA-jh3h-rpxg-fr36... |

CVE-2026-46393

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-12 20:23:35+00:00 | published-proof-of-concept | https://github.com/haxtheweb/issues/security/advisories/GHSA-q862-gcgq-5m6g... |

CVE-2026-45721

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-12 20:16:42+00:00 | published-proof-of-concept | https://github.com/xyproto/algernon/security/advisories/GHSA-xwcr-wm99-g9jc... |

Embedded Malicious Code
@tanstack/ packages are vulnerable to Embedded Malicious Code. The vulnerability is due to misconfigured GitHub Actions workflows and cache poisoning weaknesses that allowed attackers to extract OIDC tokens and publish malicious package versions under a trusted identity...
GHSA-MF9V-MFXR-J63J vulnerabilities
Vulnerabilities for packages: open-webui, airflow, kubeflow-volumes-web-app, az, kubeflow-pipelines-visualization-server, mlflow, neuvector-manager, jupyter-base-notebook, superset, confluent-docker-utils, jwt-tool, aws-cli, dask-kubernetes, kubeflow-pipelines, semgrep...
CVE-2026-41109
Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-41109
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
...
GHSA-RHV4-8758-JX7V

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-12 15:40:29+00:00 | seen | https://gist.github.com/alon710/d3518b26e6387505ec4774e026b70deb... |

CVE-2026-42074

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-12 15:22:53+00:00 | published-proof-of-concept | https://github.com/Gitlawb/openclaude/security/advisories/GHSA-m77w-p5jj-xmhg |
| 2026-06-02 19:24:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mndd3o6o4n24 |
| 2026-06-04 07:00:20+00:00... |