GHSA-M758-WJHJ-P3JQ

creationtimestamp| type| source ---|---|--- 2026-04-20 19:17:56+00:00| published-proof-of-concept| Telegram/lEx4szWN0qGJp6nrTUnjGPs2FeG4zgfzAhM3YBb6L1MKYlY...

CVE-2026-42180

creationtimestamp| type| source ---|---|--- 2026-04-20 14:11:48+00:00| published-proof-of-concept| https://api.github.com/repos/LemmyNet/lemmy/security-advisories/GHSA-3jvj-v6w2-h948...

autopoc

AutoPoC Automated proof-of-concept deployments on OpenShift...

MAL-2026-2946 Malicious code in moonbit-metrics-validator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e6bb44c25db578131ec69b1c961c22f67cabb0b81aae5fe9d4620194bf8d83cc Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

MAL-2026-2947 Malicious code in moonbit-schema-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5fd7cc9fd6247802480f37b02a23faadb37c7fa5aded77358015c0861ab980e7 Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

Malicious code in moonbit-locale-compat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d42bb32adb1fb5f388368b9e4ab382bfbc8cd7f62dab4c70a8563a448ce9c2af Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

Weaponizing the Commons: A Taxonomy and Detection Framework of Abuse on GitHub

GitHub plays a critical role in modern software supply chains, making its security an important research concern. Existing studies have primarily focused on CI/CD automation, collaboration patterns, and community management, while abuse behaviors on GitHub have received little systematic...

CVE-2026-40887

creationtimestamp| type| source ---|---|--- 2026-04-19 21:03:03+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mjuu2zdoll2i 2026-04-21 21:27:12+00:00| seen| Telegram/F2G63fMNgyZcc0oNt6XGHExAkvTr9kUyS9C9Ki-AIDnnQ5g...

Malicious code in rblx-studio-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0984290664d514183109c836bea6a2bda03e33f89563accc6c79a51e281688f8 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

CVE-2026-41179

creationtimestamp| type| source ---|---|--- 2026-04-19 12:17:45+00:00| published-proof-of-concept| https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q 2026-04-19 12:17:45+00:00| published-proof-of-concept|...

GHSA-W8J3-QVC3-H56F

creationtimestamp| type| source ---|---|--- 2026-04-19 07:22:56+00:00| seen| https://bsky.app/profile/azu.bsky.social/post/3mjtgake2o22p...

GHSA-2M2V-V563-QQVJ

creationtimestamp| type| source ---|---|--- 2026-04-18 01:18:19+00:00| published-proof-of-concept| Telegram/lPGIWgtQcs4RDQrNkGM74AEu7FEWLIcUMs54pp3qHTSOJE...

PT-2026-34558

Name of the Vulnerable Software and Affected Versions PHPUnit versions prior to 12.5.22 PHPUnit versions prior to 13.1.6 Description PHPUnit forwards PHP INI settings to child processes as -d name=value command-line arguments without neutralizing INI metacharacters. Because the PHP INI parser...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

GHSA-PHW3-QP59-X2V4

creationtimestamp| type| source ---|---|--- 2026-04-17 21:23:11+00:00| published-proof-of-concept| Telegram/GxkwnkIopWEGLbC11BdcbbYVRqOADIf4t7f5VnXFMKG7Kn8...