29462 matches found
GHSA-GPJ5-G38J-94V9

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-07 21:22:19+00:00 | seen | Telegram/ORzlugWNJSN1mBT3L8tDKZ1H7oYKkiEmKL9E7e5xnpgHaiU... |

EUVD-2026-19918
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...
CVE-2026-39382
In CVE-2026-39382, the vulnerability arises in a dbt workflow where the prep job uses peter-evans/find-comment to fetch a comment-body, which is then interpolated into a shell command without escaping. This allows attacker-controlled text to break out of quotes and inject arbitrary shell commands...
CVE-2026-39382 dbt has a Command Injection in Reusable Workflow via Unsanitized comment-body Output
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...
GHSA-H762-RHV3-H25V vulnerabilities
Vulnerabilities for packages: openexr...
GHSA-66FC-V5XJ-X859

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-07 19:35:24+00:00 | seen | Telegram/d9ntGhgAXUNib3HVhoGCh5gTeuhEkXLp8JxGb0TRA4y7Jks... |

GHSA-VPWC-V33Q-MQ89

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-07 19:33:43+00:00 | seen | Telegram/7stdzVfIjMVb7tvEQLoql-CFRLg5JIYu0eUqsXCfmQ30DI4... |

GHSA-CJ63-JHHR-WCXV vulnerabilities
Vulnerabilities for packages: wazuh-dashboard...
CVE-2026-35580
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could...
UBUNTU-CVE-2026-33816
Memory-safety vulnerability in github.com/jackc/pgx/v5...
CVE-2026-35580
Emissary (a P2P data-driven workflow engine) contains a shell-injection vulnerability in GitHub Actions workflow files prior to version 8.39.0. User-controlled workflow_dispatch inputs could be interpolated directly into shell commands via ${{ }} expressions in run blocks, enabling an attacker wi...
CVE-2026-35580 Emissary has GitHub Actions Shell Injection via Workflow Inputs
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could...
CVE-2026-35580
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could...
CVE-2026-33816 CVE-2026-33816 in github.com/jackc/pgx
Memory-safety vulnerability in github.com/jackc/pgx/v5...
GO-2026-4881 Incus vulnerable to arbitrary file read and write through pongo templates in github.com/lxc/incus
Incus vulnerable to arbitrary file read and write through pongo templates in github.com/lxc/incus...
GO-2026-4882 Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus
Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus...
GO-2026-4885 Incus vulnerable to local privilege escalation through VM screenshot path in github.com/lxc/incus
Incus vulnerable to local privilege escalation through VM screenshot path in github.com/lxc/incus...
GO-2026-4772 CVE-2026-33816 in github.com/jackc/pgx
Memory-safety vulnerability in github.com/jackc/pgx/v5...
GO-2026-4886 Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus
Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus...
GO-2026-4790 Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service in github.com/elastic/beats
Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service in github.com/elastic/beats...