29468 matches found
GHSA-C97J-HMJ5-572H vulnerabilities
Vulnerabilities for packages: firefox...
GHSA-MRRG-439G-X65P vulnerabilities
Vulnerabilities for packages: firefox...
GHSA-PQFX-CWF8-965Q vulnerabilities
Vulnerabilities for packages: firefox...
act: Unrestricted set-env and add-path command processing enables environment injection
Summary: act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which GitHub Actions disabled in October 2020 (CVE-2020-15228, GHSA-mfwh-5m23-j46w) due to environment injection risks. When a workflow step echoes untrusted data to stdout, an attacker can inject...
GHSA-XMGR-9PQC-H5VW act: Unrestricted set-env and add-path command processing enables environment injection
Summary: act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which GitHub Actions disabled in October 2020 (CVE-2020-15228, GHSA-mfwh-5m23-j46w) due to environment injection risks. When a workflow step echoes untrusted data to stdout, an attacker can inject...
CVE-2026-34396
creationtimestamp | type | source
---|---|---
2026-03-27 18:49:12+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-v4h7-3x43-qqw4...
GO-2026-4859 BuildKit Git URL subdir component can cause access to restricted files in github.com/moby/buildkit
BuildKit Git URL subdir component can cause access to restricted files in github.com/moby/buildkit...
EUVD-2025-209105
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits...
org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +8 more potentially affected by CVE-2026-33938 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)
org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =1.31.0, =1.37.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33938 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15803083...
CVE-2025-15617
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits...
CVE-2025-15617
CVE-2025-15617 concerns Wazuh v4.12.0, where a vulnerability in GitHub Actions workflow artifacts allows extraction of the GITHUB_TOKEN from uploaded artifacts. This exposed token, obtainable within a limited time window, could enable attackers to perform unauthorized actions such as pushing mali...
CVE-2025-15617 Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits...
CVE-2026-34360
creationtimestamp | type | source
---|---|---
2026-03-27 13:33:36+00:00 | published-proof-of-concept | https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-3ww8-jw56-9f5h...
GHSA-H6C8-CWW8-35HF vulnerabilities
Vulnerabilities for packages: grafana...
security-research
Security Research & Vulnerability Proof-of-Concepts Welcome t...
GHSA-6HRP-7FQ9-3QV2
creationtimestamp | type | source
---|---|---
2026-03-27 03:18:12+00:00 | seen | Telegram/wovzpCQvp7hlTQxwTsDEYFJDESQHFA6mVe176dFHuk85of0...
GHSA-7H8W-HJ9J-8RJW
creationtimestamp | type | source
---|---|---
2026-03-27 03:17:50+00:00 | published-proof-of-concept | Telegram/GblWBcVIPYIrXGBoPy7bAM0O64UdRepvGT6caCd3l3fA...
PT-2026-28280
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commit...