
29497 matches found

OSV
added 2026/03/10 6:28 p.m. | 1 view

GO-2026-4574 ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel

ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest...

CVSS 6.5 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 4

OSV
added 2026/03/10 6:28 p.m. | 2 views

GO-2026-4576 osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List in github.com/jmpsec/osctrl

osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List in github.com/jmpsec/osctrl...

CVSS 8.7 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 4

OSV
added 2026/03/10 6:28 p.m. | 1 view

GO-2026-4581 INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints in github.com/romitou/insatutorat

INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints in github.com/romitou/insatutorat...

AI score 5.8
Exploits: 0 | References: 2

NVD
added 2026/03/10 6:19 p.m. | 2 views

CVE-2026-3854

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly...

CVSS 8.8 | EPSS 0.00343
Exploits: 5 | References: 7

OSV
added 2026/03/10 6:19 p.m. | 3 views

CVE-2026-3854

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly...

CVSS 8.8 | AI score 6.4 | EPSS 0.00343
Exploits: 5 | References: 6

OSV
added 2026/03/10 6:19 p.m. | 4 views

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...

CVSS 4.3 | AI score 5.7 | EPSS 0.0003
Exploits: 0 | References: 6

NVD
added 2026/03/10 6:19 p.m. | 3 views

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...

CVSS 5.3 | EPSS 0.0003
Exploits: 0 | References: 6

NVD
added 2026/03/10 6:18 p.m. | 2 views

CVE-2026-23654

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

CVSS 8.8 | EPSS 0.00057
Exploits: 0 | References: 1

OSV
added 2026/03/10 6:18 p.m. | 1 view

CVE-2026-23654

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

CVSS 8.8 | AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/10 5:46 p.m. | 4 views

CVE-2026-3306 Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...

CVSS 5.3 | AI score 5.7 | EPSS 0.0003
Exploits: 0 | References: 6

Cvelist
added 2026/03/10 5:46 p.m. | 26 views

CVE-2026-3306 Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...

CVSS 5.3 | EPSS 0.0003
Exploits: 0 | References: 6

ATTACKERKB
added 2026/03/10 5:46 p.m. | 2 views

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...

CVSS 5.3 | AI score 5.7 | EPSS 0.0003
Exploits: 0 | References: 7 | Affected Software: 1

CVE
added 2026/03/10 5:46 p.m. | 9 views

CVE-2026-3306

CVE-2026-3306 describes an improper authorization in GitHub Enterprise Server where a user with read access to a repository and write access to a project could modify issue and pull request metadata via the project without repository write permissions being verified during column value updates. T...

CVSS 5.3 | AI score 5.7 | EPSS 0.0003
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2026/03/10 5:40 p.m. | 5 views

CVE-2026-30920

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVSS 8.6 | EPSS 0.00011
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/10 5:37 p.m. | 5 views

CVE-2026-3854

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly...

CVSS 8.8 | AI score 6.4 | EPSS 0.00343
Exploits: 5 | References: 13 | Affected Software: 1

Cvelist
added 2026/03/10 5:37 p.m. | 27 views

CVE-2026-3854 Remote code execution via git push option injection in GitHub Enterprise Server

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly...

CVSS 8.7 | EPSS 0.00343
Exploits: 5 | References: 6

CVE
added 2026/03/10 5:37 p.m. | 70 views

CVE-2026-3854

CVE-2026-3854 describes an RCE vulnerability in GitHub Enterprise Server arising during git push option handling. An attacker with push access could abuse unsanitized user-supplied push option values that are incorporated into internal service headers; because the header format uses a delimiter t...

CVSS 8.8 | AI score 6.4 | EPSS 0.00343
Exploits: 5 | References: 7 | Affected Software: 1

CVE
added 2026/03/10 5:5 p.m. | 23 views

CVE-2026-23654

CVE-2026-23654 affects the zero-shot-scfoundation GitHub repository via a dependency on a vulnerable third‑party component. The entry describes an unauthorized attacker receiving remote code execution over a network. CVSSv3.1 details: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with base score 8.8 (HIGH)...

CVSS 8.8 | AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/10 5:5 p.m. | 23 views

CVE-2026-23654 GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability

...

CVSS 8.8 | EPSS 0.00057
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/10 5:5 p.m. | 1 view

CVE-2026-23654 GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00057
Exploits: 0 | References: 1