29572 matches found
babelon (>=0.2.1 <=0.3.3), curategpt (>=0.2.2 <=0.2.4) +13 more potentially affected by CVE-2026-31236 via llm (>=0.12.0 <=0.26.0)
llm PYPI version =0.12.0, =0.2.1, =0.2.2, =0.1.0, =0.1.0a0, =0.9.0, =11.0.0rc1, =0.3.6, =0.1.0, =0.7.0, =2.0.0, =2.5.0 Source cves: CVE-2026-31236 Source advisory: OSV:GHSA-G76P-4VG5-F4QH...
CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
...
CVE-2026-41109
Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
...
CVE-2026-41109
Technical details are not publicly available in the provided documents; monitor for updates.
GHSA-RHV4-8758-JX7V
creationtimestamp| type| source
---|---|---
2026-05-12 15:40:29+00:00| seen| https://gist.github.com/alon710/d3518b26e6387505ec4774e026b70deb...
CVE-2026-42074
creationtimestamp| type| source
---|---|---
2026-05-12 15:22:53+00:00| published-proof-of-concept| https://github.com/Gitlawb/openclaude/security/advisories/GHSA-m77w-p5jj-xmhg
2026-06-02 19:24:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndd3o6o4n24
2026-06-04 07:00:20+00:00...
org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44290 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)
org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44290 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643420...
GHSA-Q7RR-3CGH-J5R3 vulnerabilities
Vulnerabilities for packages: langfuse, gemini-cli, librechat, kibana, langfuse-fips...
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims...
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to inclu...
CVE-2026-45715
creationtimestamp| type| source
---|---|---
2026-05-12 10:25:47+00:00| published-proof-of-concept| https://github.com/Budibase/budibase/security/advisories/GHSA-fgqv-jh4g-pvg2...
GHSA-Q2VM-C2RH-9GWX vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-CH7G-FXCX-CG7X vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-C7M2-HHFC-83RM vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-7MFJ-42PQ-P327 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-2CVQ-G96P-GGFW vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-44899
creationtimestamp| type| source
---|---|---
2026-05-12 06:06:53+00:00| published-proof-of-concept| https://github.com/lepture/mistune/security/advisories/GHSA-ccfx-mfmx-2fx9
2026-06-03 12:25:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnf44csazq2j...
CVE-2026-45321
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...