
29462 matches found

Circl
added 2026/04/14 5:27 p.m., 0 views

GHSA-WJ62-C5GR-2X53

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-14 17:27:49+00:00 | seen | Telegram/X69Hoh64i7djUBejuAQijXCf66JncuFnYRKez2YtZF33U... |

4.8 AI score
Exploits: 0
Cvelist
added 2026/04/14 4:56 p.m., 24 views

CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

...

5.7 CVSS, 0.00099 EPSS
Exploits: 0, References: 1
CVE
added 2026/04/14 4:56 p.m., 12 views

CVE-2026-23653

The CVE-2026-23653 vulnerability affects GitHub Copilot and the Visual Studio Code Copilot Chat Extension. It is described as an information disclosure caused by improper neutralization of special elements used in a command (command injection), potentially allowing an authorized user to disclose ...

6.5 CVSS, 5.7 AI score, 0.00099 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/04/14 4:56 p.m., 0 views

CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

...

5.7 CVSS, 5.8 AI score, 0.00099 EPSS
Exploits: 0, References: 1
Circl
added 2026/04/14 2:3 p.m., 2 views

CVE-2026-40479

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-14 14:03:14+00:00 | published-proof-of-concept | https://github.com/kimai/kimai/security/advisories/GHSA-g82g-m9vx-vhjg... |

5.4 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 1, References: 1
Microsoft CVE
added 2026/04/14 2:0 p.m., 2 views

GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...

6.5 CVSS, 6.2 AI score, 0.00099 EPSS
Exploits: 0
Circl
added 2026/04/14 12:1 p.m., 19 views

GHSA-R4Q5-VMMM-2653

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-14 12:01:09+00:00 | seen | https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mjhdhgn23o2t |
| 2026-04-20 01:05:19+00:00 | seen | https://gist.github.com/konard/dc529ad3e07305daab99c78bc17d7ea6 |
| 2026-04-24 12:00:56+00:00 | seen | ... |

5.3 AI score
Exploits: 0, References: 5
Wiz blog
added 2026/04/14 11:33 a.m., 2 views

Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)

Understanding and defending your GitHub Actions - from threat model to security controls...

5.8 AI score
Exploits: 0
Github Security Blog
added 2026/04/14 9:30 a.m., 5 views

Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

4.3 CVSS, 5.8 AI score, 0.00258 EPSS
Exploits: 0, References: 5, Affected Software: 1
Circl
added 2026/04/14 5:17 a.m., 0 views

GHSA-G985-WJH9-QXXC

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-14 05:17:42+00:00 | seen | Telegram/EXit4BCARRaTXD4SBLqO-yd3UPNB5jBijYowsPR2aTE5HY... |

4.8 AI score
Exploits: 0
NVD
added 2026/04/14 4:17 a.m., 2 views

CVE-2026-40313

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...

9.1 CVSS, 0.00046 EPSS
Exploits: 0, References: 3
EUVD
added 2026/04/14 3:10 a.m., 1 views

EUVD-2026-22214

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...

9.1 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 0, References: 3
CVE
added 2026/04/14 3:10 a.m., 10 views

CVE-2026-40313

Summary: PraisonAI versions ≤ 4.5.139 expose GitHub Actions credential leakage via ArtiPACKED attack due to actions/checkout persisting GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) in the repository’s .git/config when artifacts are uploaded from workflows. This can allow read-access users t...

9.1 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/04/14 3:10 a.m., 3 views

CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...

9.1 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/04/14 3:10 a.m., 21 views

CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...

9.1 CVSS, 0.00046 EPSS
Exploits: 0, References: 3
vulnersOsv
added 2026/04/14 1:11 a.m., 6 views

org.webjars.npm:axios (=0.15.3), org.webjars.npm:github-build (=1.2.0) +1 more potentially affected by CVE-2026-40895 via org.webjars.npm:follow-redirects (=1.0.0)

org.webjars.npm:follow-redirects MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:follow-redirects and may be impacted:

- org.webjars.npm:axios =0.15.3
- org.webjars.npm:github-build =1.2.0
- ...

7.5 CVSS, 5.8 AI score, 0.00058 EPSS
Exploits: 0
CNNVD
added 2026/04/14 12:0 a.m., 5 views

Microsoft GitHub Copilot and Visual Studio Code Command Injection Vulnerability

Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a command injection vulnerability present in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to obtain sensitive...

6.5 CVSS, 6.2 AI score, 0.00099 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/14 12:0 a.m., 4 views

PT-2026-32595

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.140

Description: GitHub Actions workflows are susceptible to an ArtiPACKED attack, which is a credential leakage vector. This occurs when actions/checkout is used without setting persist-credentials: false. By...

9.1 CVSS, 5.9 AI score, 0.00046 EPSS
Exploits: 0, References: 10
Tenable Nessus
added 2026/04/14 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFile...

5.3 CVSS, 5.8 AI score, 0.00258 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/04/14 12:0 a.m., 1 views

PT-2026-32722

Name of the Vulnerable Software and Affected Versions:

- GitHub Copilot affected versions not specified
- Visual Studio Code affected versions not specified

Description: Improper neutralization of special elements used in a command, known as command injection, allows an authorized attacker to disclose...

5.7 CVSS, 6.2 AI score, 0.00099 EPSS
Exploits: 0, References: 5