PT-2026-6530
EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...
PT-2026-6525
Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...
PT-2026-6519
terraform-provider-proxmox has insecure sudo recommendation in the documentation in github.com/bpg/terraform-provider-proxmox...
PT-2026-6531
EVE Doesn't Measure Config Partition From 2 Fronts in github.com/lf-edge/eve...
Characterizing and Modeling the GitHub Security Advisories Review Pipeline
GitHub Security Advisories (GHSA) have become a central component of open-source vulnerability disclosure and are widely used by developers and security tools. A distinctive feature of GHSA is that only a fraction of advisories are reviewed by GitHub, while the mechanisms associated with this revie...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the attribute handling logic in restHandler/AttributesRestHandlder.go, which is accessible over the /attributes endpoint with /orchestrator/attributes?key=apiTokenSecret. A user can obtain the global API Token...
GHSA-RF4G-89H5-CRCR vulnerabilities
Vulnerabilities for packages: wolfictl, cg...
USN-8012-1 gh vulnerabilities
It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. CVE-2024-54132 It was discovered that GitHub CLI...
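The advisory text gives the impact (files created or overwritten in unintended directories) but not the mechanism, so here is an added example of the containment check an artifact download should apply to every entry name before writing it: resolve the name against the destination directory and refuse anything that does not stay strictly inside it. This is illustration code, not GitHub CLI's own code and not a reconstruction of its fix; `safeJoin`, `planExtraction` and the entry list are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideDest is returned for an entry that would be written outside dest.
var ErrOutsideDest = errors.New("artifact entry escapes destination directory")

// safeJoin resolves an untrusted archive entry name against dest and refuses any
// result that is not strictly inside dest. Hypothetical helper for illustration.
func safeJoin(dest, entry string) (string, error) {
	if entry == "" || filepath.IsAbs(entry) {
		return "", ErrOutsideDest
	}
	cleanDest := filepath.Clean(dest)
	// Join cleans its result, so "a/../../x" collapses before the containment check.
	target := filepath.Join(cleanDest, entry)
	rel, err := filepath.Rel(cleanDest, target)
	if err != nil {
		return "", ErrOutsideDest
	}
	// rel is "." (dest itself), ".." (its parent) or "../..." (anywhere above) when
	// the entry escapes; a legitimate entry yields a relative path without that prefix.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideDest
	}
	return target, nil
}

// planExtraction maps each entry to its destination path, collecting rejections
// instead of aborting so a caller can report every bad entry in one pass.
func planExtraction(dest string, entries []string) (accepted map[string]string, rejected []string) {
	accepted = map[string]string{}
	for _, e := range entries {
		p, err := safeJoin(dest, e)
		if err != nil {
			rejected = append(rejected, e)
			continue
		}
		accepted[e] = p
	}
	return accepted, rejected
}

func main() {
	// Constructed entry names standing in for a downloaded artifact's listing.
	entries := []string{"logs/run.txt", "report.json", "../.bashrc", "/etc/passwd", "build/../../../x", "..hidden/ok"}
	ok, bad := planExtraction("out", entries)
	for e, p := range ok {
		fmt.Printf("write  %q -> %s\n", e, p)
	}
	for _, e := range bad {
		fmt.Printf("reject %q\n", e)
	}
}
```

The check is on the cleaned, joined path rather than on the raw name, so a traversal hidden behind a legitimate-looking prefix (`build/../../../x`) is caught, while a name that merely begins with two dots (`..hidden/ok`) is not wrongly rejected. Symlinks inside the destination are a separate concern this check does not address.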
CVE-2026-25221
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the...
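To make the missing check concrete, here is an added example (not PolarLearn's code, and not its fix) of what the OAuth `state` parameter is for. The hardened handler mints a random state when the login starts, binds it to the browser session, compares it in constant time on the callback and consumes it after one use; the vulnerable handler beside it accepts a callback on the strength of the `code` alone, which is what lets an attacker's crafted callback URL log a victim's browser into the attacker's account. `sessionStore`, `beginLogin`, `finishLogin`, the endpoint and the client identifiers are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"sync"
)

// sessionStore is a hypothetical in-memory store of the state issued to each
// browser session for its in-flight login.
type sessionStore struct {
	mu      sync.Mutex
	pending map[string]string // session ID -> state
}

func newSessionStore() *sessionStore { return &sessionStore{pending: map[string]string{}} }

// beginLogin mints a fresh random state, binds it to the session and returns the
// authorization URL the browser is redirected to.
func (s *sessionStore) beginLogin(sessionID, authorizeEndpoint, clientID, redirectURI string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	state := base64.RawURLEncoding.EncodeToString(raw)
	s.mu.Lock()
	s.pending[sessionID] = state
	s.mu.Unlock()
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("state", state)
	return authorizeEndpoint + "?" + q.Encode(), nil
}

var ErrBadState = errors.New("oauth: state missing or not bound to this session")

// finishLogin verifies the callback's state against the one bound to the session.
// The pending state is consumed whether or not it matches, so it is single use and
// a mismatch forces the user to restart the login rather than leaving it guessable.
func (s *sessionStore) finishLogin(sessionID string, callbackQuery url.Values) (string, error) {
	s.mu.Lock()
	expected, ok := s.pending[sessionID]
	delete(s.pending, sessionID)
	s.mu.Unlock()
	got := callbackQuery.Get("state")
	if !ok || got == "" || subtle.ConstantTimeCompare([]byte(expected), []byte(got)) != 1 {
		return "", ErrBadState
	}
	return callbackQuery.Get("code"), nil
}

// vulnerableFinishLogin is the flawed shape: any callback carrying a code is
// accepted, so a victim's browser can be made to complete the attacker's login.
func vulnerableFinishLogin(callbackQuery url.Values) (string, error) {
	code := callbackQuery.Get("code")
	if code == "" {
		return "", errors.New("missing code")
	}
	return code, nil
}

func main() {
	s := newSessionStore()
	authURL, _ := s.beginLogin("victim-session", "https://github.com/login/oauth/authorize", "client-id", "https://app.example/callback")
	fmt.Println("redirect to:", authURL)
	// Constructed attacker-forged callback: a real code, but no state bound to the victim's session.
	forged := url.Values{"code": {"attacker-code"}, "state": {"guess"}}
	_, err := s.finishLogin("victim-session", forged)
	fmt.Println("hardened handler:", err)
	code, _ := vulnerableFinishLogin(forged)
	fmt.Println("vulnerable handler accepted code:", code)
}
```

The returned code still has to be exchanged at the provider's token endpoint; the point here is only that the exchange must not begin until the callback is proven to belong to the session that started the login.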
Fedora 43 : python-python-multipart (2026-08c12edc84)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-08c12edc84 advisory. Security fix for CVE-2026-24486 / GHSA-wp53-j4wj-2cfg. ---- 0.0.22 (2026-01-25): Drop directory path from filename in File. Tenable has extracted the preceding...
GHSA-477R-4CMW-3CGF
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-03 21:28:42+00:00 | seen | Telegram/EolE0KtGpDyhwFa3K4uFjcrZ6zOl1wT5WaMQuq2zHWr2Ac... |
GO-2026-4344 File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser...
GO-2026-4345 Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit...
GHSA-FC6G-2GCP-2QRQ
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-03 17:40:05+00:00 | seen | https://gist.github.com/alon710/4c9483a1ae63cde824ec94a73e4b4ee0... |
PT-2026-6511
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability in github.com/fleetdm/fleet...
PT-2026-6508
Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit...
PT-2026-6513
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser...
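The two File Browser entries above (GO-2026-4344 and PT-2026-6513) both describe username enumeration through a timing difference on /api/login. Here is an added example, not File Browser's code and not a reconstruction of its fix, of the pattern that produces such a finding and the usual repair: a handler that returns before any password work when the username is unknown leaks existence through response time, whereas the hardened handler hashes the candidate password against a dummy record on that path and decides only after the comparison. The iterated-HMAC `stretch` is a stdlib-only stand-in for bcrypt or argon2 so the block runs offline; `store`, `loginLeaky`, `loginConstant` and the user table are assumptions made for the example. The result reports the number of stretches performed as the observable work, which stands in for wall-clock time.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// stretchRounds makes the verifier derivation deliberately slow, so skipping it
// for unknown users produces a difference an attacker can measure.
const stretchRounds = 20000

// stretch derives a password verifier by iterated HMAC-SHA256 (stand-in for a
// real password hash, used here only so the example is self-contained).
func stretch(password, salt []byte) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write(password)
	sum := m.Sum(nil)
	for i := 1; i < stretchRounds; i++ {
		m = hmac.New(sha256.New, salt)
		m.Write(sum)
		sum = m.Sum(nil)
	}
	return sum
}

type record struct{ salt, verifier []byte }

type store struct {
	users map[string]record
	dummy record // belongs to no user; hashed against whenever the name is unknown
}

// authResult carries the decision and how many stretches were performed.
type authResult struct {
	OK        bool
	Stretches int
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// newStore builds a constructed user table from plaintext credentials (test data only).
func newStore(creds map[string]string) *store {
	s := &store{users: map[string]record{}}
	for name, pw := range creds {
		salt := randBytes(16)
		s.users[name] = record{salt: salt, verifier: stretch([]byte(pw), salt)}
	}
	s.dummy = record{salt: randBytes(16), verifier: randBytes(sha256.Size)}
	return s
}

// loginLeaky returns before any password work when the name is unknown, so an
// unknown-user failure is measurably faster than a wrong-password failure.
func (s *store) loginLeaky(user, password string) authResult {
	rec, found := s.users[user]
	if !found {
		return authResult{OK: false, Stretches: 0}
	}
	got := stretch([]byte(password), rec.salt)
	return authResult{OK: subtle.ConstantTimeCompare(got, rec.verifier) == 1, Stretches: 1}
}

// loginConstant does the same work on every path: an unknown name is verified
// against the dummy record and the decision is taken only after the comparison.
func (s *store) loginConstant(user, password string) authResult {
	rec, found := s.users[user]
	if !found {
		rec = s.dummy
	}
	got := stretch([]byte(password), rec.salt)
	match := subtle.ConstantTimeCompare(got, rec.verifier)
	known := 0
	if found {
		known = 1
	}
	// Flags are combined arithmetically rather than with a short-circuiting &&.
	return authResult{OK: match&known == 1, Stretches: 1}
}

func main() {
	s := newStore(map[string]string{"alice": "correct horse battery"})
	for _, c := range [][2]string{{"alice", "correct horse battery"}, {"alice", "wrong"}, {"mallory", "wrong"}} {
		fmt.Printf("%-8s leaky=%+v constant=%+v\n", c[0], s.loginLeaky(c[0], c[1]), s.loginConstant(c[0], c[1]))
	}
}
```

Equalising the hashing work closes the large gap; the remaining small differences (map lookup, branch) are usually below the noise of a network round trip but still argue for rate limiting on the endpoint. The error message and status code returned for the two failure cases must also be identical, or the timing fix achieves nothing.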
PT-2026-6504
Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...
Can Developers Rely on LLMs for Secure IaC Development?
We investigated the capabilities of GPT-4o and Gemini 2.0 Flash for secure Infrastructure as Code (IaC) development. For security smell detection, on the Stack Overflow dataset, which primarily contains small, simplified code snippets, the models detected at least 71% of security smells when prompt...