CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/04/08 12:18 a.m.•3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the eventstream decoder process. An attacker can cause the host process to terminate unexpectedly by sending a crafted EventStream response frame containing a header value type byte outside the valid range...

8.2CVSS5.4AI score

Circl•added 2026/04/08 12:16 a.m.•5 views

CVE-2026-39373

creationtimestamp| type| source ---|---|--- 2026-04-08 00:16:14+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-fjrm-76x2-c4q4...

5.3CVSS5.8AI score0.00294EPSS

Exploits1References1

OSV•added 2026/04/08 12:12 a.m.•11 views

GHSA-3G6G-GQ4R-XJM9 Emissary has GitHub Actions Shell Injection via Workflow Inputs

Summary Three GitHub Actions workflow files contained 10 shell injection points where user-controlled workflowdispatch inputs were interpolated directly into shell commands via $ expression syntax. An attacker with repository write access could inject arbitrary shell commands, leading to reposito...

9.1CVSS6.5AI score0.00566EPSS

Exploits1References5

Github Security Blog•added 2026/04/08 12:12 a.m.•3 views

Emissary has GitHub Actions Shell Injection via Workflow Inputs

9.1CVSS6.5AI score0.00566EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2026/04/07 11:32 p.m.•1 views

CVE-2026-33815

A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

9.8CVSS5.8AI score0.004EPSS

Exploits0References4

Circl•added 2026/04/07 9:22 p.m.•2 views

GHSA-X8RX-789C-2PXQ

creationtimestamp| type| source ---|---|--- 2026-04-07 21:22:30+00:00| published-proof-of-concept| Telegram/PsCoAl2rNCHfpa-IE94yjZNK4tjM6zifbqO0UkQOdEj8yI...

Circl•added 2026/04/07 9:22 p.m.•4 views

GHSA-GPJ5-G38J-94V9

creationtimestamp| type| source ---|---|--- 2026-04-07 21:22:19+00:00| seen| Telegram/ORzlugWNJSN1mBT3L8tDKZ1H7oYKkiEmKL9E7e5xnpgHaiU...

Vulnrichment•added 2026/04/07 7:56 p.m.•4 views

CVE-2026-39382 dbt has a Command Injection in Reusable Workflow via Unsanitized comment-body Output

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...

9.3CVSS6AI score0.00389EPSS

EUVD•added 2026/04/07 7:56 p.m.•2 views

EUVD-2026-19918

9.3CVSS6AI score0.00389EPSS

CVE•added 2026/04/07 7:56 p.m.•10 views

CVE-2026-39382

In CVE-2026-39382, the vulnerability arises in a dbt workflow where the prep job uses peter-evans/find-comment to fetch a comment-body, which is then interpolated into a shell command without escaping. This allows attacker-controlled text to break out of quotes and inject arbitrary shell commands...

9.3CVSS6AI score0.00389EPSS

Wolfi•added 2026/04/07 7:50 p.m.•6 views

GHSA-H762-RHV3-H25V vulnerabilities

Vulnerabilities for packages: openexr...

5.9AI score

Circl•added 2026/04/07 7:35 p.m.•0 views

GHSA-66FC-V5XJ-X859

creationtimestamp| type| source ---|---|--- 2026-04-07 19:35:24+00:00| seen| Telegram/d9ntGhgAXUNib3HVhoGCh5gTeuhEkXLp8JxGb0TRA4y7Jks...

Circl•added 2026/04/07 7:33 p.m.•0 views

GHSA-VPWC-V33Q-MQ89

creationtimestamp| type| source ---|---|--- 2026-04-07 19:33:43+00:00| seen| Telegram/7stdzVfIjMVb7tvEQLoql-CFRLg5JIYu0eUqsXCfmQ30DI4...

Chainguard•added 2026/04/07 7:17 p.m.•4 views

GHSA-CJ63-JHHR-WCXV vulnerabilities

Vulnerabilities for packages: wazuh-dashboard...

5.9AI score