29553 matches found
Azure Linux 3.0 Security Update: gh (CVE-2025-48938)
The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48938 advisory. - go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has...
Azure Linux 3.0 Security Update: gh (CVE-2024-52308)
The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52308 advisory. - The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace S...
Allocation of Resources Without Limits or Throttling
Overview: org.webjars.npm:seroval is a Stringify JS values. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the encoded array lengths serialization process. An attacker can cause excessive processing time by overriding encoded array lengt...
CVE-2024-55027
creationtimestamp| type| source
---|---|---
2026-01-21 10:01:35+00:00| seen| https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de...
CVE-2024-55025
creationtimestamp| type| source
---|---|---
2026-01-21 10:01:35+00:00| seen| https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de...
CVE-2025-11580
creationtimestamp| type| source
---|---|---
2026-01-21 06:39:57+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-11580.yaml
2026-01-22 21:03:05+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3md23iwotwa24...
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Triaging security alerts is often very repetitive because false positives are caused by patterns that are obvious to a human auditor but difficult to encode as a formal code pattern. But large language models (LLMs) excel at matching the fuzzy patterns that traditional tools struggle with, so we at...
GHSA-JM66-CG57-JJV5 vulnerabilities
Vulnerabilities for packages: barman, authentik-fips, kserve, airflow, awx, az, py3-cassandra-medusa, duplicity, request-1276, pgadmin4, open-webui, authentik...
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new...
GHSA-73RR-HH4G-FPGX vulnerabilities
Vulnerabilities for packages: npm, argo-workflows, tileserver-gl, saf, langfuse, renovate, grafana, prism, vitess, ts-patch...
CVE-2025-14351
creationtimestamp| type| source
---|---|---
2026-01-20 06:33:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mctjxqpcoc2i
2026-01-20 07:51:41+00:00| seen| https://gist.github.com/Darkcrai86/9a0fa1b491739b4e729d80465cb99f43...
CVE-2020-15081
creationtimestamp| type| source
---|---|---
2026-01-20 03:57:37+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-15081.yaml
2026-01-23 21:02:59+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3md4lxp2srt2i...
Unpacking Security Scanners for GitHub Actions Workflows
GitHub Actions is a widely used platform that allows developers to automate the build and deployment of their projects through configurable workflows. As the platform's popularity continues to grow, it has become a target of choice for recent software supply chain attacks. These attacks exploit...
GHSA-GFW2-4JVH-WGFG
creationtimestamp| type| source
---|---|---
2026-01-19 23:20:05+00:00| seen| https://gist.github.com/konard/0d69c914be52c3cee3437d4858b1c259...
PYSEC-2024-250
creationtimestamp| type| source
---|---|---
2026-01-19 11:35:26+00:00| seen| https://gist.github.com/konard/d776e828509d5f2e3644437ac5400628
2026-01-19 11:37:28+00:00| seen| https://gist.github.com/konard/042845fbf63e049778752df088c0c9e4
2026-01-19 11:37:35+00:00| seen|...
CVE-2026-23845
creationtimestamp| type| source
---|---|---
2026-01-18 08:34:24+00:00| published-proof-of-concept| https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j...
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security...
CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories - including the JavaScript SDK powering the AWS Console...
CVE-2019-12935
creationtimestamp| type| source
---|---|---
2026-01-15 07:49:49+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-12935.yaml
2026-01-15 21:03:00+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mciiae22bv22...
GHSA-7RF3-MQPX-H7XG vulnerabilities
Vulnerabilities for packages: druid...