29378 matches found

Circl
added 2026/05/07 2:10 a.m., 2 views

GHSA-FPF5-4JW8-67X8

creationtimestamp | type | source
---|---|---
2026-05-07 02:10:29+00:00 | seen | https://gist.github.com/alon710/fbdb426cde042168e0871c7f8c96676d...

5.8 AI score
Exploits: 0, References: 1

Wolfi
added 2026/05/07 2:01 a.m., 7 views

GHSA-V2V4-37R5-5V8G vulnerabilities

Vulnerabilities for packages: saf, prism, sqlpad, npm, renovate, lerna, kubeflow-pipelines, opensearch-dashboards, langfuse, code-server, tileserver-gl, pulumi...

5.4 AI score
Exploits: 0

Fedora
added 2026/05/07 12:52 a.m., 4 views

[SECURITY] Fedora 44 Update: gh-2.92.0-1.fc44

A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...

6.1 CVSS, 5.8 AI score, 0.0005 EPSS
Exploits: 0

Packet Storm News
added 2026/05/07 12:00 a.m., 3 views

Demystifying and Detecting Agentic Workflow Injection Vulnerabilities in GitHub Actions

GitHub Actions is increasingly used to deploy LLM-based agents for repository-centric tasks such as issue triage, pull-request review, code modification, and release assistance. These agentic workflows extend traditional CI/CD automation with agentic capabilities but also create a new injection...

5.9 AI score
Exploits: 0

Positive Technologies
added 2026/05/07 12:00 a.m., 7 views

PT-2026-38594

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21. Description: A server-side request forgery (SSRF) issue exists in the notebook viewer. This occurs due to URL parser confusion between the validation layer and the HTTP request library, where the...

7.9 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 0, References: 10

Packet Storm News
added 2026/05/07 12:00 a.m., 4 views

Heimdallr: Characterizing and Detecting LLM-Induced Security Risks in GitHub CI Workflows

GitHub Continuous Integration (CI) workflows increasingly integrate Large Language Models (LLMs) to automate review, triage, content generation, and repository maintenance. This creates a new attack surface: externally controllable workflow inputs can shape LLM prompts and outputs, which may in turn...

5.9 AI score
Exploits: 0

CNNVD
added 2026/05/07 12:00 a.m., 6 views

GitHub Enterprise Server Access Control Error Vulnerability

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was an access control...

6.5 CVSS, 5.9 AI score, 0.00167 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/07 12:00 a.m., 8 views

PT-2026-38593

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21. Description: An unauthenticated attacker can cause service disruption by sending crafted requests containing deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parses...

8.9 CVSS, 5.8 AI score, 0.00064 EPSS
Exploits: 0, References: 9

CNNVD
added 2026/05/07 12:00 a.m., 5 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

9.8 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/05/07 12:00 a.m., 3 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

8.9 CVSS, 5.8 AI score, 0.00064 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/07 12:00 a.m., 8 views

PT-2026-38588

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21. Description: An authentication bypass allows an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication is enable...

6.3 CVSS, 5.8 AI score, 0.00167 EPSS
Exploits: 0, References: 9

Snyk
added 2026/05/06 10:31 p.m., 4 views

Cross-site Request Forgery (CSRF)

Overview: misp-modules: MISP modules are autonomous modules that can be used for expansion and other services in MISP. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the home blueprint, which was exempted from CSRF protection. An attacker can perform...

9.3 CVSS, 5.5 AI score, 0.00008 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/06 10:10 p.m., 4 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the processFuzzySearch function. An attacker can access and extract the entire database contents by supplying crafted input to the column parameter in the HTTP API, which is directly interpolated into raw SQL statement...

7.1 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/06 10:08 p.m., 7 views

Arbitrary Code Injection

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.6 CVSS, 6.3 AI score, 0.00008 EPSS
Exploits: 2, References: 2

Snyk
added 2026/05/06 7:50 p.m., 7 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the resetuserpassword and gympermissionsuseredit function when both the attacker and victim have gym=None. An attacker can gain unauthorized access to another user's account, obtain their new plaintext passwor...

9.9 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits: 0, References: 2

Circl
added 2026/05/06 7:32 p.m., 5 views

CVE-2026-44483

creationtimestamp | type | source
---|---|---
2026-05-06 19:32:52+00:00 | published-proof-of-concept | https://github.com/airjp73/rvf/security/advisories/GHSA-c567-44rc-m5hq
2026-05-27 18:01:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmu3mrz7jk26...

8.2 CVSS, 5.7 AI score, 0.00055 EPSS
Exploits: 0, References: 2

Chainguard
added 2026/05/06 7:17 p.m., 5 views

GHSA-XP3W-R5P5-63RR vulnerabilities

Vulnerabilities for packages: rustup, komodo, rustls-openssl-client, ztunnel-fips, bootc, valkey-ldap, guestproxyagent, sqlx, deno, sccache, sdp-k8s-injector, typst, rpm-sequoia, sentry-cli, vector...

5.4 AI score
Exploits: 0

Wolfi
added 2026/05/06 1:48 p.m., 7 views

GHSA-FPJQ-C37H-CQCV vulnerabilities

Vulnerabilities for packages: kyverno, kyverno-notation-aws...

5.4 AI score
Exploits: 0

Circl
added 2026/05/06 12:19 p.m., 4 views

CVE-2026-42339

creationtimestamp | type | source
---|---|---
2026-05-06 12:19:03+00:00 | published-proof-of-concept | https://github.com/QuantumNous/new-api/security/advisories/GHSA-v5c3-6wvc-pc2q...

7.1 CVSS, 5.8 AI score, 0.0001 EPSS
Exploits: 1, References: 1

Circl
added 2026/05/06 7:40 a.m., 6 views

GHSA-FG3J-5W9G-HMG7

creationtimestamp | type | source
---|---|---
2026-05-06 07:40:29+00:00 | seen | https://gist.github.com/alon710/cdeb633d740e110eed8363124062a03a...

5.8 AI score
Exploits: 0, References: 1