29553 matches found
CVE-2026-24137 vulnerabilities
Vulnerabilities for packages: timestamp-authority, xeol-fips, tkn, goreleaser, skopeo-fips, flux-source-controller-fips, falcoctl-fips, falcoctl, tekton-pipelines-fips, flux-source-controller, kubescape, crossplane, zarf, policy-controller-fips, spire-server-fips, fulcio,...
CVE-2026-23831 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, tkn, teleport, tkn-fips, gh, neuvector-sigstore-interface-fips, goreleaser, vexctl, ko-fips, aactl, kyverno, flux-source-controller-fips, gitsign, kyverno-fips, skaffold-fips, spire-server, image-factory, falcoctl-fips, neuvector-sigstore-interface,...
GitHub: PATs without the required scope can leak issues
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
GHSA-3QMM-R55X-HPXX vulnerabilities
Vulnerabilities for packages: airflow...
OESA-2026-1213 opencc security update
OpenCC is a library for conversion between Traditional Chinese and Simplified Chinese characters and phrases. Security Fixes: A vulnerability was found in BYVoid OpenCC up to 1.1.9 and classified as critical. The problem is classified as CWE-122. A heap overflow condition is a buffer...
OESA-2026-1212 opencc security update
OpenCC is a library for conversion between Traditional Chinese and Simplified Chinese characters and phrases. Security Fixes: A vulnerability was found in BYVoid OpenCC up to 1.1.9 and classified as critical. The problem is classified as CWE-122. A heap overflow condition is a buffer...
CVE-2020-16248
creationtimestamp | type | source
---|---|---
2026-01-23 07:34:13+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-16248.yaml
2026-01-25 21:03:01+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mdbmvmjmq52c...
CVE-2026-0927
creationtimestamp | type | source
---|---|---
2026-01-23 07:23:16+00:00 | seen | https://gist.github.com/Darkcrai86/30221df75e8d29c4c44a72efd5f3ce5b
2026-01-23 07:44:49+00:00 | seen | https://gist.github.com/Darkcrai86/f6ceca6b6f5861138955c1b1e47ded28
2026-01-23 07:59:20+00:00 | seen | ...
Command Injection
Overview @sunwood-ai-labs/github-kanban-mcp-server is a Model Context Protocol server for managing GitHub issues as a Kanban board using the gh CLI. Affected versions of this package are vulnerable to Command Injection via the create_issue parameter. An attacker can execute arbitrary code in the context of...
CVE-2026-0756
github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2026-0756 github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability
github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2026-0756
The CVE-2026-0756 issue affects github-kanban-mcp-server and stems from improper validation of the create_issue input before it is used in a system call, allowing an attacker to execute arbitrary code with the service account privileges, with no authentication required. References indicate this i...
GO-2026-4318 DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface in github.com/donknap/dpanel
DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface in github.com/donknap/dpanel...
GO-2026-4312 Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway
Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway...
GO-2026-4310 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails in github.com/axllent/mailpit
Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails in github.com/axllent/mailpit. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
CVE-2026-26188
creationtimestamp | type | source
---|---|---
2026-01-22 20:23:37+00:00 | published-proof-of-concept | https://github.com/solspace/craft-freeform/security/advisories/GHSA-jp3q-wwp3-pwv9...
RHSA-2026:1014
creationtimestamp | type | source
---|---|---
2026-01-22 15:51:22+00:00 | seen | https://gist.github.com/Darkcrai86/78d8b8337436d9ef75bd692938a1f1d2...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:seroval is a library to stringify JS values. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitti...
AZL-75189 CVE-2026-23992 affecting package gh 2.62.0-10
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...