29049 matches found
GHSA-HCF7-66RW-9F5R
creationtimestamp | type | source
---|---|---
2026-05-19 20:10:50+00:00 | seen | https://gist.github.com/alon710/e381dedd3ac6c2888e1321e911d4bec9...
Malicious code in crw (PyPI)
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector 4324181416ad15727c0f51a30b56858c42fad99b93635922494acfe4c0f5d597
Package 'crw' impersonates the Firecrawl SDK: it declares 'firecrawl' as a keyword, replicates Firecrawl's client surface...
GHSA-CRC3-H8V6-QH57 GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Summary: A security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using `gh run view --log` or `gh run view --log-failed`. Details: The vulnerability stems from the way GitHub CLI handles raw Actions log...
EUVD-2026-30549
GitHub CLI: GitHub Actions log output in gh run view allows terminal escape sequence injection...
CVE-2026-43945
creationtimestamp | type | source
---|---|---
2026-05-19 18:34:17+00:00 | published-proof-of-concept | https://github.com/frangoteam/FUXA/security/advisories/GHSA-p69w-mmfv-xrfj...
GHSA-F9F8-RM49-7JV2 Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
Summary: Composer leaks the full contents of tokens configured as GitHub OAuth tokens to stderr if they do not match Composer's expected format for such tokens. GitHub has introduced a new format for GitHub Actions GITHUB_TOKEN values. These tokens are validated in the same way by Composer on GitHu...
GHSA-XMPW-2VMM-P4P6 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
Impact: On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...
CVE-2026-47423
creationtimestamp | type | source
---|---|---
2026-05-19 09:26:54+00:00 | published-proof-of-concept | https://github.com/cure53/DOMPurify/security/advisories/GHSA-87xg-pxx2-7hvx
2026-06-04 11:02:16+00:00 | seen | https://t.me/GithubRedTeam/87264...
CVE-2026-47429
creationtimestamp | type | source
---|---|---
2026-05-19 09:24:23+00:00 | published-proof-of-concept | https://github.com/vitest-dev/vitest/security/advisories/GHSA-5xrq-8626-4rwp...
CVE-2026-47428
creationtimestamp | type | source
---|---|---
2026-05-19 09:23:47+00:00 | published-proof-of-concept | https://github.com/vitest-dev/vitest/security/advisories/GHSA-2h32-95rg-cppp...
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console version 18.95.0, a popular user interface and plugin for code editors like VS Code,...
CVE-2026-47399
creationtimestamp | type | source
---|---|---
2026-05-19 06:35:47+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6h6v-6m7w-7vxx...
CVE-2026-47391
creationtimestamp | type | source
---|---|---
2026-05-19 06:35:04+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-vg22-4gmj-prxw...
CVE-2026-47398
creationtimestamp | type | source
---|---|---
2026-05-19 06:35:03+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-78r8-wwqv-r299...
CVE-2026-47397
creationtimestamp | type | source
---|---|---
2026-05-19 06:35:00+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-hvhp-v2gc-268q...
CVE-2026-47396
creationtimestamp | type | source
---|---|---
2026-05-19 06:34:59+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-86qc-r5v2-v6x6...
CVE-2026-47394
creationtimestamp | type | source
---|---|---
2026-05-19 06:34:57+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cr9-25q5-8prj...
CVE-2026-47392
creationtimestamp | type | source
---|---|---
2026-05-19 06:34:53+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4mr5-g6f9-cfrh...