CVE-2026-32946 Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, Harden-Runner allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering...
GHSA-6457-6JRX-69CR vulnerabilities
Vulnerabilities for packages: sqlpad...
GHSA-WFV2-PWC8-CRG5 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-V9P9-HFJ2-HCW8 vulnerabilities
Vulnerabilities for packages: renovate, langfuse, jitsucom-jitsu, code-server...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as a result of Trivy's GitHub Actions compromise, and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview @emilgroup/insurance-sdk: affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as a result of Trivy's GitHub Actions compromise, and malicious versions were released on NP...
Embedded Malicious Code
Overview @emilgroup/docxtemplater-util: affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as a result of Trivy's GitHub Actions compromise, and malicious versions were released ...
CVE-2026-33314
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-19 17:55:53+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-q485-cg9q-xq2r... |
GHSA-WJ64-GH9J-XM82 vulnerabilities
Vulnerabilities for packages: openssl...
CVE-2026-32737
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...
CVE-2026-32805
CVE-2026-32805 corresponds to an Archive Slip flaw in Romeo’s webserver sanitization (github.com/ctfer-io/romeo/webserver). The root cause is a missing trailing path separator in the strings.HasPrefix check within sanitizeArchivePath, enabling a crafted tar to traverse outside the intended destin...
CVE-2026-32805
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...
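The two CVE-2026-32805 entries above describe the same defect from different angles: a prefix check against the bare destination directory, so an entry that resolves to a sibling directory whose name starts with the destination name ("/tmp/coverage-evil" next to "/tmp/coverage") passes. The following Go program is an added illustration written for this page, not Romeo's own source: it reconstructs the flawed check beside a corrected one, builds a crafted tar in memory (constructed sample entries), and reports where each sanitizer would write every entry without touching the filesystem.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// Sanitizer maps a destination directory and an archive entry name to the
// path the entry may be written to, or an error if the entry must be rejected.
type Sanitizer func(dest, name string) (string, error)

// sanitizeVulnerable reconstructs the pattern the advisory describes (added
// illustration, not Romeo's code): the prefix check uses the bare destination,
// so "/tmp/coverage-evil/pwn.sh" passes because it starts with "/tmp/coverage".
func sanitizeVulnerable(dest, name string) (string, error) {
	target := filepath.Join(dest, name) // Join cleans "..", so the result is normalised
	if strings.HasPrefix(target, filepath.Clean(dest)) {
		return target, nil
	}
	return "", fmt.Errorf("%s: illegal file path", name)
}

// sanitizeFixed accepts only the destination itself (an archive root entry)
// or a path strictly below it: the prefix must end with a path separator.
func sanitizeFixed(dest, name string) (string, error) {
	cleanDest := filepath.Clean(dest)
	target := filepath.Join(cleanDest, name)
	if target == cleanDest || strings.HasPrefix(target, cleanDest+string(filepath.Separator)) {
		return target, nil
	}
	return "", fmt.Errorf("%s: illegal file path", name)
}

// buildCraftedTar constructs, in memory, a tar with one benign entry and one
// whose ".." segment resolves to a sibling directory sharing the destination's
// name as a prefix. Entry names and bodies are constructed sample data.
func buildCraftedTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range []struct{ name, body string }{
		{"profile.out", "mode: set\n"},
		{"../coverage-evil/pwn.sh", "#!/bin/sh\necho pwned\n"},
	} {
		hdr := &tar.Header{Name: e.name, Typeflag: tar.TypeReg, Mode: 0644, Size: int64(len(e.body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := io.WriteString(tw, e.body); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// vetArchive walks the tar and records, for each entry name, the path the
// sanitizer would write to, or "" if it rejects the entry. Nothing is written
// to disk, so the crafted entry is harmless here.
func vetArchive(archive []byte, dest string, s Sanitizer) (map[string]string, error) {
	out := map[string]string{}
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		p, err := s(dest, hdr.Name)
		if err != nil {
			out[hdr.Name] = ""
			continue
		}
		out[hdr.Name] = p
	}
}

func main() {
	archive := buildCraftedTar()
	for _, c := range []struct {
		label string
		s     Sanitizer
	}{{"vulnerable", sanitizeVulnerable}, {"fixed", sanitizeFixed}} {
		res, err := vetArchive(archive, "/tmp/coverage", c.s)
		if err != nil {
			panic(err)
		}
		for name, p := range res {
			fmt.Printf("%-10s %-26s -> %q\n", c.label, name, p)
		}
	}
}
```

The separator-suffixed prefix is the whole fix; an equivalent formulation is to take filepath.Rel(cleanDest, target) and reject results that are ".." or start with "../", which is also robust if the destination is given with a trailing slash.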
EUVD-2026-12999
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...
GHSA-6P9P-Q6WH-9J89 vulnerabilities
Vulnerabilities for packages: dagdotdev...
CVE-2026-32694
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-18 12:55:22+00:00 | published-proof-of-concept | https://github.com/juju/juju/security/advisories/GHSA-5cj2-rqqf-hx9p... |
GHSA-5PWR-322W-8JR4 vulnerabilities
Vulnerabilities for packages: localstack, keep-fips, keep, airflow, az, datahub-ingestion, authentik, mitmproxy, superset, py3-cassandra-medusa, datadog-agent-fips, gitlab-cng, awx, gitlab-cng-fips, request-1276, authentik-fips, datadog-agent...