GHSA-G353-MGV3-8PCJ

creationtimestamp| type| source ---|---|--- 2026-03-14 04:40:05+00:00| seen| https://gist.github.com/alon710/6d8cc1349cbd20b4b2228bf8920e9f07 2026-03-29 15:20:09+00:00| seen| Telegram/bOji7uFGKpjQ-Vv3CFZvWqxNHLg4F03MY6E5pxai3iB8W0...

GHSA-44VG-5WV2-H2HG

creationtimestamp| type| source ---|---|--- 2026-03-14 02:40:05+00:00| seen| https://gist.github.com/alon710/1291af57a3f24c084d79b6036abb3239...

GHSA-43W8-4Q7X-65HJ vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-GW82-5JC5-87CJ vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-CGHR-H62W-2FC6 vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-GC25-M8G6-JP4F vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-C8GQ-RHQH-WGWM vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

CVE-2024-30464

creationtimestamp| type| source ---|---|--- 2026-03-13 18:23:34+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-30464.yaml...

Exploit for Improper Input Validation in Toolkit_Project Toolkit

gha-exploit-guard Standalone GitHub Action that scans GitHub...

GHSA-P9X5-JP3H-96MM

creationtimestamp| type| source ---|---|--- 2026-03-13 01:50:05+00:00| seen| https://gist.github.com/alon710/dd7ce6343fb3c4caed99cdfa0a07695a...

Linux Distros Unpatched Vulnerability : CVE-2026-31900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for...

GO-2026-4671 Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill

Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill...

GO-2026-4670 OliveTin's unsafe parsing of UniqueTrackingId can be used to write files in github.com/OliveTin/OliveTin

OliveTin's unsafe parsing of UniqueTrackingId can be used to write files in github.com/OliveTin/OliveTin...

GO-2026-4678 Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows

Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows...

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-29066 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2026-29066 Source advisory: OSV:GHSA-M48G-4WR2-J2H6...

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-28793 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2026-28793 Source advisory: OSV:GHSA-2F24-MG4X-534Q...

GHSA-92GP-JFGX-9QPV

creationtimestamp| type| source ---|---|--- 2026-03-12 19:10:05+00:00| seen| https://gist.github.com/alon710/81922f2048444626dde8917d1920b821...

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

In this article 1. From search to stolen credentials: Storm-2561 attack chain 2. Defending against credential theft campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

In this article 1. From search to stolen credentials: Storm-2561 attack chain 2. Defending against credential theft campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...

SUSE CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...