GHSA-M7HM-VM4X-28JF vulnerabilities
Vulnerabilities for packages: dagdotdev...
Cross-site Scripting (XSS)
Overview @tdurieux/anonymousgithub is a tool that anonymises GitHub repositories for double-anonymous reviews. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the renderMD function. An attacker can execute arbitrary JavaScript in the application origin by crafting a maliciou...
GHSA-G485-8J3V-P6X8 @tdurieux/anonymous_github Vulnerable to XSS via Unsanitized GitHub Repository Content Rendering in Anonymous GitHub Origin
Summary Anonymous GitHub fetches repository content (e.g., markdown files) from GitHub's API and renders it without sanitization. On the client side, markdown is parsed with marked with sanitize: false and injected into the DOM via $sce.trustAsHtml + ng-bind-html, bypassing AngularJS's built-in XSS...
CVE-2026-42578
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 18:05:31+00:00 | published-proof-of-concept | https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr... |
CVE-2026-350234
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 03:00:04+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/82846 |
| 2026-05-05 09:00:04+00:00 | seen | Telegram/YNBAQ7wY3nDaf6oW9SSpET1W5P-GdTLvm9dgaOEDkfw4Y... |
CVE-2026-44721
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-04 23:42:51+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-gf5m-wcrh-7928... |
GHSA-QG5C-HVR5-HJGR
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-04 23:31:29+00:00 | seen | https://gist.github.com/limcheekin/b22dc88a260c8e395b6d84d05bd62a04... |
GHSA-96VC-WCXF-JJFF
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-04 23:31:29+00:00 | seen | https://gist.github.com/limcheekin/b22dc88a260c8e395b6d84d05bd62a04... |
GHSA-G38R-8GMR-GHRF
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-04 22:10:29+00:00 | seen | https://gist.github.com/alon710/15d45700e9c417f92716ddfa05ebc56f... |
GHSA-X3H8-JRGH-P8JX
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-04 20:40:29+00:00 | seen | https://gist.github.com/alon710/b60926baf5e2d9d70756e13d5032afa9... |
GHSA-Q49M-57VM-C8CC
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-04 20:10:29+00:00 | seen | https://gist.github.com/alon710/e5f670283b66e1c583d8b3f3f9d1efba... |
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the UploadAllFiles process. An attacker can cause the daemon to crash by importing a truncated or malformed backup archive that triggers a nil-pointer dereference during tar file iteration. Remediation...
CVE-2026-41358
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-04 17:10:29+00:00 | seen | https://gist.github.com/alon710/d4f3d9fbcfea6645ceefb383fa46637f... |
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to...
CVE-2026-44009
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-03 21:34:48+00:00 | published-proof-of-concept | https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm... |
summary-awi-poc
summary-awi-poc Public proof-of-concept repository for valida...
CVE-2026-44641
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-03 08:34:38+00:00 | published-proof-of-concept | https://github.com/microsoft/apm/security/advisories/GHSA-xhrw-5qxx-jpwr... |
Fedora 44 : GitPython (2026-9342da13e0)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9342da13e0 advisory. Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67. Tenable has extracted the preceding descriptio...