29497 matches found
GHSA-87FH-RC96-6FR6
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-06 20:09:04+00:00 | seen | https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/... |
GHSA-C9V3-4PV7-87PR
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-06 18:40:06+00:00 | seen | https://gist.github.com/alon710/a8817b46e521d68e9ffadb12fd700261... |
900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks
A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub...
@george.talusan/node-red-contrib-copilot (>=0.0.5 <=1.0.5), @github/copilot-sdk (>=0.1.9 <=0.1.31-unstable.0) +19 more potentially affected by CVE-2026-29783 via @github/copilot (>=0.0.375 <=0.0.421)
@github/copilot NPM version =0.0.375, =0.0.5, =0.1.9, =1.1.0, =0.0.0, =0.0.1, =1.2.3, =0.6.0, =1.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.15 - devdoctor-js =0.1.0 and more
Source cves: CVE-2026-29783
Source advisory: SNYK:JS-GITHUBCOPILOT-15468228...
GHSA-G8R9-G2V8-JV6F GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
Summary: A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent, e.g. via prompt injection through repository files...
EUVD-2026-10049
GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution...
Command Injection
Overview: @github/copilot is the GitHub Copilot CLI, which brings the power of the Copilot coding agent directly to your terminal. Affected versions of this package are vulnerable to Command Injection via crafted bash parameter expansion patterns in the shell command assessment process. An attacker can execute...
CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution
The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent, e.g. via prompt injection through repository files, MCP server...
Beware of fake OpenClaw installers, even if Bing points you to GitHub
Attackers are abusing OpenClaw's popularity by seeding fake "installers" on GitHub, boosted by Bing AI search results, to deliver infostealers and proxy malware instead of the AI assistant users were looking for. OpenClaw is an open-source, self-hosted AI agent that runs locally on your machine...
Malicious Package
Overview: relay-github-root is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
ifood2-github-io (=9.9.9) potentially affected by unknown CVE via ifood-github-io (=9.9.9)
ifood-github-io NPM version =9.9.9 is affected by a known vulnerability. The following packages have a transitive dependency on ifood-github-io and may be impacted:
- ifood2-github-io =9.9.9
Source cves: unknown CVE
Source advisory: SNYK:JS-IFOODGITHUBIO-16300296...
Malicious Package
Overview: ifood2-github-io is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
PT-2026-23732
Name of the Vulnerable Software and Affected Versions: GitHub Copilot CLI versions prior to 0.0.423
Description: The shell tool within GitHub Copilot CLI is susceptible to arbitrary code execution through crafted bash parameter expansion patterns. An attacker influencing commands executed by the...
GitHub Copilot CLI Operating System Command Injection Vulnerability
GitHub Copilot CLI is a terminal AI programming assistant open-sourced by GitHub. GitHub Copilot CLI versions 0.0.422 and earlier have an operating system command injection vulnerability. The vulnerability stems from defects in the shell security assessment, which could lead to arbitrary code...
CVE-2026-30824
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-05 21:31:50+00:00 | published-proof-of-concept | https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5f53-522j-j454 |
| 2026-04-15 07:09:15+00:00 | confirmed | ... |
Incorrect Regular Expression
Overview: fastify is a low-overhead web framework for Node.js. Affected versions of this package are vulnerable to Incorrect Regular Expression in the Content-Type header validation. An attacker can cause the server to incorrectly process requests with malformed Content-Type headers by sending value...
GHSA-HFPC-8R3F-GW53 vulnerabilities
Vulnerabilities for packages: komodo, py3-xet-core, deno, parseable, linkerd-network-validator, rustls-ffi, linkerd-extension-init, pixi, garage, zed, nushell, zizmor, linkerd2-proxy, buck2, rustup, cargo-audit, zellij, linkerd2, linkerd2-cni-plugin, ztunnel, efs-utils, uv, lychee, ntpd-rs...
GHSA-747P-WMPV-9C78 vulnerabilities
Vulnerabilities for packages: localstack...
Backstage vulnerable to potential reading of SCM URLs using built in token
Impact: A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...
GHSA-95V5-PRP4-5GV5 Backstage vulnerable to potential reading of SCM URLs using built in token
Impact: A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...