29422 matches found
CVE-2026-44004

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-01 20:43:52+00:00 | published-proof-of-concept | https://github.com/patriksimek/vm2/security/advisories/GHSA-6785-pvv7-mvg7... |

CVE-2026-44005

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-01 20:42:00+00:00 | published-proof-of-concept | https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq... |
GHSA-5GVM-8X7G-H7XX vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...
GHSA-FCFJ-3H7Q-75MQ vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...
GHSA-V898-XG3C-W4RJ vulnerabilities
Vulnerabilities for packages: glibc...
CVE-2026-44426

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-01 15:17:47+00:00 | published-proof-of-concept | https://github.com/shellhub-io/shellhub/security/advisories/GHSA-vwx9-7qcf-gg7f... |

CVE-2026-41888

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-01 14:27:56+00:00 | published-proof-of-concept | https://github.com/distribution/distribution/security/advisories/GHSA-6pjf-3r9x-m592... |
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp," which h...
GHSA-MQQ7-WXX5-MP8H

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-01 06:10:28+00:00 | seen | https://gist.github.com/alon710/63a0b9d45c1b8aff3ea39f384d9c8809... |

CVE-2026-40893

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-01 05:46:38+00:00 | published-proof-of-concept | https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4... |

CVE-2026-44312

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-01 03:40:10+00:00 | published-proof-of-concept | https://github.com/premailer/cssparser/security/advisories/GHSA-ff6c-w6qf-7xqc... |
GHSA-48WR-P98V-9W5H vulnerabilities
Vulnerabilities for packages: ffmpeg...
GHSA-4WRG-8WPC-H923 vulnerabilities
Vulnerabilities for packages: apache-nifi-registry, apache-nifi...
GitHub Enterprise 3.x < 3.14.25 / 3.15.x < 3.15.20 / 3.16.x < 3.16.16 / 3.17.x < 3.17.13 / 3.18.x < 3.18.7 / 3.19.x < 3.19.4 RCE (CVE-2026-3854)
The version of GitHub Enterprise installed on the remote host is affected by a remote code execution vulnerability: - An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote...
CVE-2026-3143

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-30 23:00:04+00:00 | seen | https://t.me/GithubRedTeam/82241 |
| 2026-04-30 23:00:10+00:00 | seen | Telegram/P45NJHmymloXtZIQDhqedqgrJijkJmCthR1UJzeSteIHM |
| 2026-05-07 20:00:04+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/83256 |
| 2026-05-08... | | |
GHSA-V4P8-MG3P-G94G vulnerabilities
Vulnerabilities for packages: litellm...
GHSA-XQMJ-J6MV-4862 vulnerabilities
Vulnerabilities for packages: litellm...
CVE-2026-42594

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-30 18:32:12+00:00 | published-proof-of-concept | https://github.com/gotenberg/gotenberg/security/advisories/GHSA-r33j-c622-r6qp... |
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2...
The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)
When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it...