29552 matches found
GHSA-743W-QRV8-633J vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-M5G9-928C-Q4JG vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-6JR7-99PF-8VGF
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-30 23:20:42+00:00 | seen | Telegram/pazjypwJ9q5j0AUml5NqFL8eGc5J3hEHdG482ywyT6Ic5U0... |
CVE-2025-62240
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-30 16:30:50+00:00 | seen | https://gist.github.com/alon710/dada607d9cf26924b64f5cc8b7be9433... |
CLEANSTART-2026-YS66739 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3
Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3. See references for individual vulnerability details...
CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...
CVE-2026-1699
CVE-2026-1699 concerns the Eclipse Theia Website repository. The issue: the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted PR code. This allowed any GitHub user to run arbitrary code in the repository’s CI envi...
GHSA-XFHX-R7WW-5995 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
PT-2026-5388
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access t...
GHSA-WV3H-X6C4-R867 vulnerabilities
Vulnerabilities for packages: keycloak...
GHSA-RHX3-FG8P-F9M4 vulnerabilities
Vulnerabilities for packages: openssl...
GHSA-V2VR-926Q-29FR vulnerabilities
Vulnerabilities for packages: openssl...
GHSA-3MXV-473P-H624 vulnerabilities
Vulnerabilities for packages: ffmpeg...
CVE-2026-24910
In Bun before 1.3.5, the default trusted dependencies list aka trust allow list can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...
Uncaught Exception
Overview: Affected versions of this package are vulnerable to Uncaught Exception via the oneflow.logicalor function. An attacker can cause the application to crash by submitting specially crafted input. Remediation: There is no fixed version for oneflow. References: GitHub Issue. Credit: Daisy2ang...
Improper Validation of Specified Quantity in Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the arange function. An attacker can cause the application to become unresponsive or crash by submitting specially crafted input. Remediation: There is no fixed version for oneflow...
GHSA-PGJQ-PWJV-WJPX vulnerabilities
Vulnerabilities for packages: kibana...