
29433 matches found

Circl
added 2026/04/23 7:48 a.m., 1 view

CVE-2025-59136

creationtimestamp | type | source
---|---|---
2026-04-23 07:48:04+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-59136.yaml
2026-04-24 21:02:33+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mkbgeoldbm2x...

5.3 CVSS, 4.8 AI score, 0.00205 EPSS
Exploits: 0, References: 2

SUSE CVE
added 2026/04/23 1:23 a.m., 3 views

SUSE CVE-2026-40903

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1 CVSS, 5.8 AI score, 0.00047 EPSS
Exploits: 0, References: 3

Snyk
added 2026/04/22 10:0 p.m., 3 views

Embedded Malicious Code

Overview: @bitwarden/cli is a secure and free password manager for all of your devices. Affected versions of this package are vulnerable to Embedded Malicious Code included in a compromised release that is suspected to be part of the Checkmarx April compromise. The payload is delivered via...

9.8 CVSS, 5.4 AI score
Exploits: 0, References: 2

Wolfi
added 2026/04/22 8:0 p.m., 5 views

GHSA-39Q2-94RC-95CP vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, langfuse...

5.4 AI score
Exploits: 0

Circl
added 2026/04/22 7:23 p.m., 0 views

GHSA-5CWG-9F6J-9JVX

creationtimestamp | type | source
---|---|---
2026-04-22 19:23:16+00:00 | seen | Telegram/y1XO5mBm2flLcrjS5YpFLtlumq47M984z8tJCHSwnxFgvg...

4.8 AI score
Exploits: 0

The Hacker News
added 2026/04/22 5:55 p.m., 4 views

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and...

5.9 AI score
Exploits: 0

Snyk
added 2026/04/22 5:6 p.m., 1 view

Unsafe Dependency Resolution

Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUB_TOKEN. Remediation: Upgrade...

9.3 CVSS, 5.8 AI score, 0.00047 EPSS
Exploits: 0, References: 2

Snyk
added 2026/04/22 5:6 p.m., 2 views

Unsafe Dependency Resolution

Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUB_TOKEN. Remediation: Upgrade...

9.3 CVSS, 5.5 AI score, 0.00047 EPSS
Exploits: 0, References: 2

Circl
added 2026/04/22 4:54 p.m., 2 views

CVE-2025-62039

creationtimestamp | type | source
---|---|---
2026-04-22 16:54:21+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-62039.yaml
2026-04-23 21:03:14+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mk6vwu4jqz2i...

7.5 CVSS, 4.8 AI score, 0.02614 EPSS
Exploits: 0, References: 2

Circl
added 2026/04/22 2:14 p.m., 6 views

CVE-2026-41432

creationtimestamp | type | source
---|---|---
2026-04-22 14:14:22+00:00 | published-proof-of-concept | https://github.com/QuantumNous/new-api/security/advisories/GHSA-xff3-5c9p-2mr4...

8.2 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 1, References: 1

Circl
added 2026/04/22 11:15 a.m., 4 views

CVE-2026-44015

creationtimestamp | type | source
---|---|---
2026-04-22 11:15:44+00:00 | published-proof-of-concept | https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-wr32-99hh-6f35...

9.9 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 1, References: 1

Circl
added 2026/04/22 8:43 a.m., 5 views

CVE-2021-3152

creationtimestamp | type | source
---|---|---
2026-04-22 08:43:03+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-3152.yaml
2026-04-23 21:03:09+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mk6vwthxjx2x...

5.3 CVSS, 6 AI score, 0.27878 EPSS
Exploits: 0, References: 2

Wolfi
added 2026/04/22 7:48 a.m., 6 views

GHSA-HX6P-XPX3-JVVV vulnerabilities

Vulnerabilities for packages: wizer, zed, wasmcloud, yara-x...

5.4 AI score
Exploits: 0

Veracode
added 2026/04/22 7:22 a.m., 3 views

Improper Authentication

Mattermost is vulnerable to improper authentication. The vulnerability is due to failure to validate plugin bot identity in reaction forwarding, which allows an attacker to hijack the GitHub reaction feature and make users add reactions to arbitrary GitHub objects via crafted notification posts...

3 CVSS, 7.4 AI score, 0.00053 EPSS
Exploits: 0, References: 3, Affected Software: 3

Circl
added 2026/04/22 1:19 a.m., 0 views

GHSA-98CP-84M9-Q3QP

creationtimestamp | type | source
---|---|---
2026-04-22 01:19:46+00:00 | seen | Telegram/K73t--MeF8g6jG3bb2C-tygRugHSGj3gpQqllzPf61swe44...

4.8 AI score
Exploits: 0

EUVD
added 2026/04/22 12:31 a.m., 3 views

EUVD-2026-24554

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

9.5 CVSS, 5.8 AI score, 0.00079 EPSS
Exploits: 0, References: 8

EUVD
added 2026/04/22 12:31 a.m., 2 views

EUVD-2026-24550

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits: 0, References: 8

EUVD
added 2026/04/22 12:31 a.m., 4 views

EUVD-2026-24552

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

7.2 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits: 0, References: 8

EUVD
added 2026/04/22 12:31 a.m., 4 views

EUVD-2026-24547

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as http_proxy. Exploitation o...

8.1 CVSS, 6 AI score, 0.00014 EPSS
Exploits: 0, References: 8

EUVD
added 2026/04/22 12:31 a.m., 2 views

EUVD-2026-24545

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when...

7.5 CVSS, 5.8 AI score, 0.0005 EPSS
Exploits: 0, References: 8