29462 matches found
GO-2026-4912 Fleet's user account creation via invite does not enforce invited email address in github.com/fleetdm/fleet
GO-2026-4904 nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover in github.com/0xJacky/Nginx-UI
GO-2026-4913 Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin in github.com/fleetdm/fleet
GO-2026-4916 Mattermost doesn't rate limit login requests, allowing DoS in github.com/mattermost/mattermost-server
Mattermost doesn't rate limit login requests, allowing DoS in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2026-4911 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) in github.com/docker/model-runner
GO-2026-4901 nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui
GO-2026-4903 nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI
GO-2026-4906 nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse in github.com/0xJacky/Nginx-UI
GO-2026-4873 Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core
CVE-2026-35452
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 18:01:54+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-99j6-hj87-6fcf... |
CVE-2026-35448
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 17:52:54+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-3v7m-qg4x-58h9... |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: fast-filesystem-mcp is a Fast Filesystem MCP Server - Advanced file operations with Auto-Chunking, Sequential Reading, complex file operations (copy, move, delete, batch, compress), optimized for Claude Desktop. Affected versions of this package are vulnerable to Improper Neutralization of...
Why GitHub Developers Are Targeted by Token Giveaway Scams
GitHub developers face rising giveaway scams. Verify repos, links, and maintainers before acting. Avoid rushed clicks, fake rewards, and risky wallet actions...
PT-2026-29944
nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui...
PT-2026-29929
Ella Core has a Denial of Service via SCTP connection cleanup deadlock in github.com/ellanetworks/core...
PT-2026-29938
act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act...
PT-2026-29926
Contrast BadAML injection allows arbitrary code execution in github.com/edgelesssys/contrast...
GHSA-FC4P-P49V-R948
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-01 23:28:03+00:00 | seen | Telegram/9GieXm2mvI1hTc72mHyuKx2RXs9Lk1GMse1mK9qILNsF30... |
GHSA-VC68-257W-M432
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-01 23:27:26+00:00 | published-proof-of-concept | Telegram/W-ZMhqLt3Z16f8AdFiB8UF-gG999hpwzW6X3s6aq-w7Q74... |
Improper Authorization
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Improper Authorization in the overrideStatus request parameter, which is processed by the setStatus function. An attacker can bypass administrative moderation and...