29459 matches found
GHSA-78X4-6X83-JX75
creationtimestamp | type | source
---|---|---
2026-04-15 19:21:23+00:00 | seen | Telegram/7Ck-SXA1c6Vf9FqVW81avKVix-fYO39OzelndhESQPxXBQ...
How to Harden GitHub Actions: An Updated Guide
Build resilient GitHub Actions workflows with lessons from recent attacks like TeamPCP and Axios...
SUSE CVE-2026-35580
Emissary is a P2P-based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could...
CVE-2026-41244
creationtimestamp | type | source
---|---|---
2026-04-15 08:23:19+00:00 | published-proof-of-concept | https://github.com/notamitgamer/mojic/security/advisories/GHSA-wqq3-wfmp-v85g...
vuln-poc-generate-skill
vuln-poc-generate-skill A Codex skill project for generating...
CVE-2026-41232
creationtimestamp | type | source
---|---|---
2026-04-15 06:39:05+00:00 | published-proof-of-concept | https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6...
GHSA-J2HF-X4Q5-47J3
creationtimestamp | type | source
---|---|---
2026-04-15 01:19:29+00:00 | seen | Telegram/4QaIVP4Z6j7I04jn6w3qCKrQ76Fz4EXtpUCBPkRfgX1dqr4...
GHSA-J6M5-2CC7-3WHC
creationtimestamp | type | source
---|---|---
2026-04-15 01:19:21+00:00 | published-proof-of-concept | Telegram/GYbH54sRbOOqgznzSrvNbIPKqa8TpEiUvDUzTYtUUyxy-E...
OWASP BLT Security Vulnerability
OWASP BLT is an open-source gamified crowdsourcing platform for testing and disclosing vulnerabilities. Versions of OWASP BLT prior to 2.1.1 contained security vulnerabilities. These vulnerabilities were caused by a remote code execution issue in the .github/workflows/regenerate-migrations.yml...
Insufficient Session Expiration
Overview: pyload-ng is a free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management when user permissions are changed. An attacker can retain unauthorized access to resource...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the magnify when an unrecognized magnify:method value is provided. An attacker can cause a denial of service by triggering an out-of-bounds read during image processing. Remediation: A fix was pushed into t...
CVE-2026-41061
creationtimestamp | type | source
---|---|---
2026-04-14 23:22:21+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-8pv3-29pp-pf8f...
GHSA-W8C4-C7R8-QGW2
creationtimestamp | type | source
---|---|---
2026-04-14 23:21:40+00:00 | published-proof-of-concept | Telegram/vFalP9cCg-kFoPrSdHM4ZH4qnLHRdngXJCuq8FbW2RkF4k...
CVE-2026-40594
creationtimestamp | type | source
---|---|---
2026-04-14 21:24:21+00:00 | published-proof-of-concept | https://github.com/pyload/pyload/security/advisories/GHSA-mp82-fmj6-f22v...
Vulnerabilities fixed in Microsoft Developer tools
Microsoft has fixed vulnerabilities in .NET, .NET Framework, Visual Studio and PowerShell. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage:
- Denial-of-Service (DoS)
- Accessing sensitive data
- Circumvention of a security...
EUVD-2026-22359
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...
CVE-2026-23653
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...
GHSA-WJ62-C5GR-2X53
creationtimestamp | type | source
---|---|---
2026-04-14 17:27:49+00:00 | seen | Telegram/X69Hoh64i7djUBejuAQijXCf66JncuFnYRKez2YtZF33U...
CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
...
CVE-2026-23653
The CVE-2026-23653 vulnerability affects GitHub Copilot and the Visual Studio Code Copilot Chat Extension. It is described as an information disclosure caused by improper neutralization of special elements used in a command (command injection), potentially allowing an authorized user to disclose ...