GO-2026-4736 GoBGP vulnerable to a denial of service via the NEXT_HOP path attribute in github.com/osrg/gobgp
GoBGP vulnerable to a denial of service via the NEXTHOP path attribute in github.com/osrg/gobgp...
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
By Diana Brown. Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. These emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira...
GHSA-C427-H43C-VF67 vulnerabilities
Vulnerabilities for packages: kserve, dask-kubernetes, kubeflow-pipelines-visualization-server, checkov, open-webui, airflow, py3-cassandra-medusa...
GHSA-M5QP-6W8W-W647 vulnerabilities
Vulnerabilities for packages: kserve, dask-kubernetes, kubeflow-pipelines-visualization-server, checkov, open-webui, airflow, py3-cassandra-medusa...
Emissary command injection vulnerability
Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a command injection vulnerability. This vulnerability stemmed from shell injection points in the GitHub Actions workflow files. User-controlled...
PT-2026-31009
Name of the Vulnerable Software and Affected Versions: dbt (affected versions not specified). Description: dbt allows data analysts and engineers to transform data using software engineering practices. A command injection issue exists in the workflow located at...
GHSA-2WVG-62QM-GJ33
creationtimestamp | type | source
---|---|---
2026-04-06 21:21:26+00:00 | published-proof-of-concept | Telegram/xKxKUYX0BRejEqYlrURXsjCQY9BctYcoeewNmSMWqY7riM...
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2023-27997 XORtigate Detection System. Automated system for detecting...
GHSA-RRVG-CXH4-QHRV vulnerabilities
Vulnerabilities for packages: py3-oauthenticator...
GHSA-6326-W46W-PPJW
creationtimestamp | type | source
---|---|---
2026-04-06 19:29:44+00:00 | seen | Telegram/RmP7l-K41x9UoCBscD5W8eizA4yDJaPJqAKKOeWwXNyu-8...
GHSA-V8X3-W674-55P5
creationtimestamp | type | source
---|---|---
2026-04-06 19:29:29+00:00 | published-proof-of-concept | Telegram/0wjdVVOdHVRh-NR-AUdnOvXJcqqbi6lE8Vl80iGy2s6Zy0...
GHSA-WC4H-2348-JC3P
creationtimestamp | type | source
---|---|---
2026-04-06 19:29:09+00:00 | seen | Telegram/t1F-Vxaulmn07lvg5ppSTSOssGvqtwkUpkkBVUVRjFPlk...
CVE-2026-27124
A flaw was found in FastMCP and FastMCP OAuthProxy. The OAuthProxy, used for GitHub OAuth authentication, does not properly validate a user's consent after receiving an authorization code from GitHub. This, combined with GitHub's behavior of skipping the consent page for previously authorized...
GHSA-W88V-VQHQ-5P24
creationtimestamp | type | source
---|---|---
2026-04-06 17:32:38+00:00 | seen | Telegram/n5Nok-XlRHEre5O89LvYLplT02rw8wZYprnGR4USXlLgM...
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...
CVE-2026-39365
creationtimestamp | type | source
---|---|---
2026-04-06 12:13:21+00:00 | published-proof-of-concept | https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9
2026-04-06 12:13:21+00:00 | published-proof-of-concept | https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9...
github-repo-scanner
No d...
GHSA-VGPV-F759-9WX3 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, gitlab-rails-ce, ruby3.2-rails, gitlab-rails-ce-fips, gitlab-cng, logstash, pact-broker-docker-fips, pact-broker-docker, ruby3.4-rails...
GHSA-QV7J-4883-HWH7 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, gitlab-rails-ce, ruby3.2-rails, gitlab-rails-ce-fips, gitlab-cng, logstash, pact-broker-docker-fips, pact-broker-docker, ruby3.4-rails...
LLM-Enabled Open-Source Systems in the Wild: An Empirical Study of Vulnerabilities in GitHub Security Advisories
Large language models (LLMs) are increasingly embedded in open-source software (OSS) ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it remains unclear whether traditional vulnerability disclosure...