29552 matches found
Improper Validation of Specified Quantity in Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the flow.cuda.BoolTensor component when processing crafted input. An attacker can cause the application to crash or become unresponsive by submitting specially crafted data...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the flow.columnstack component. An attacker can cause the application to crash by submitting specially crafted input. Remediation: There is no fixed version for oneflow. References: GitHub Issue. Credit: Daisy2ang...
Division by zero
Overview: Affected versions of this package are vulnerable to Division by zero in the flow.floordivide function. An attacker can cause the application to crash or become unresponsive by providing a specially crafted input tensor containing a zero value. Remediation: There is no fixed version for...
GHSA-HFPW-X3FG-WMMG vulnerabilities
Vulnerabilities for packages: python...
GHSA-R92C-9C7F-3PJ8 vulnerabilities
Vulnerabilities for packages: opentofu...
GHSA-7XVX-8PF2-PV5G
creationtimestamp | type | source
---|---|---
2026-01-28 03:27:20+00:00 | seen | https://bsky.app/profile/cyber-news-fi.bsky.social/post/3mdhdcleuyh2d...
GHSA-9JWR-P39P-HWG2 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-J65R-8HRG-QC6X vulnerabilities
Vulnerabilities for packages: nodejs...
SUSE CVE-2026-24480
QGIS is a free, open source, cross platform geographical information system (GIS). The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...
GitHub: Add labels to arbitrary issues/prs & compromise github actions label checks
A vulnerability was identified that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value updates were applied without verifying the actor's...
CVE-2026-24910
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...
CVE-2026-24910
CVE-2026-24910 affects Bun prior to 1.3.5. The issue: the default trusted dependencies list (trust allow list) can be spoofed by a non-npm package when a name matches an existing trusted dependency, across file, link, git, or GitHub sources. Reported impacts include potential manipulation of the ...
EUVD-2026-4859
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...
CVE-2026-24480
QGIS is a free, open source, cross platform geographical information system (GIS). The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...
CVE-2026-24480 QGIS had validated RCE and Repository Takeover via GitHub Actions
QGIS is a free, open source, cross platform geographical information system (GIS). The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...
CVE-2026-24480
CVE-2026-24480 affects QGIS’ GitHub Actions workflow named “pre-commit checks.” Before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, the workflow used pull_request_target and checked out/executed untrusted PR code in a privileged context, allowing potential remote code execution and repository...