29552 matches found
ALSA-2026:3092 Important: golang-github-openprinting-ipp-usb security update
HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726); crypto/tls: Unexpected session resumption ...
GHSA-QHP6-635J-X7R2
creationtimestamp | type | source
---|---|---
2026-02-21 12:40:40+00:00 | seen | https://gist.github.com/alon710/e56b547bb8d66c88c36130e6613a09b3...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation in the SAML SSO authentication process. An attacker can gain unauthorized access to user accounts by leveraging a malicious SAML Identity Provider and another organization configured on the same instance. Notes: - Thi...
GHSA-QQ5R-98HH-RXC9 vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-69X3-G4R3-P962 vulnerabilities
Vulnerabilities for packages: step-issuer, step-ca, step, caddy...
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM P...
GHSA-33HQ-FVWR-56PM
creationtimestamp | type | source
---|---|---
2026-02-20 11:10:40+00:00 | seen | https://gist.github.com/alon710/730aa02397a258f2f1ed0aa8f4fa4e6d...
Vulnerabilities fixed in GitHub Enterprise Server
GitHub has fixed vulnerabilities in GitHub Enterprise Server, specifically for versions before 3.20, 3.19.2, 3.18.5 and 3.17.11. The first vulnerability concerns an authorization issue that allowed attackers to merge unauthorized pull requests into repositories that provide fork support. The secon...
go-container-poc
go-contai...
GHSA-6C9J-X93C-RW6J
creationtimestamp | type | source
---|---|---
2026-02-20 02:10:39+00:00 | seen | https://gist.github.com/alon710/f4eee2d51384628d064473d1a040d3d4
2026-02-20 02:40:34+00:00 | seen | https://bsky.app/profile/flarestart.bsky.social/post/3mfb3galb2g2s...
GHSA-3PPC-4F35-3M26 vulnerabilities
Vulnerabilities for packages: lerna, rancher-api-ui, sqlpad, kubeflow-pipelines, pulumi, serve, renovate, tileserver-gl, eslint, node-gyp, saf, langfuse, kubeflow-centraldashboard, argo-workflows, prism, npm, opensearch-dashboards, code-server, vitess...
CVE-2026-1355
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...
CVE-2026-1999
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...
CVE-2026-0573
A URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repositorypages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a...
GHSA-WFQV-66VQ-46RM
creationtimestamp | type | source
---|---|---
2026-02-19 22:40:39+00:00 | seen | https://gist.github.com/alon710/ee16e9aabb8895513a00d88d6dc1ac96...
GHSA-9PPG-JX86-FQW7
creationtimestamp | type | source
---|---|---
2026-02-19 17:10:40+00:00 | seen | https://gist.github.com/alon710/7522c30fea1d97914f8cc887eb8aaf04
2026-02-19 17:40:35+00:00 | seen | https://bsky.app/profile/flarestart.bsky.social/post/3mfa5anzvrs2t
2026-03-06 02:48:42+00:00 | seen | ...
GHSA-RP46-R563-JRC7 vulnerabilities
Vulnerabilities for packages: apache-hop-fips, celeborn, kafbat-ui, spark-fips, logstash, spark, pinot, akhq, apache-pulsar, druid, kafbat-ui-fips, wavefront-proxy, apache-hop, hadoop-fips...
CLEANSTART-2026-YN08405 Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 7.1.1-r7
Multiple security vulnerabilities affect the minio-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-1999
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to access internal services bound to loopback or unspecified addresses, potentially disrupting background job processing, accessing administrative endpoints, metrics, and...