Malicious Package

Overview eslint-validator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

GHSA-F27W-VCWJ-C954

creationtimestamp| type| source ---|---|--- 2026-03-30 15:22:38+00:00| seen| Telegram/rgowYjXIbIqHAY83QR77NdcMiEs7Q8IlbaGHk6-omsHWj8...

GHSA-2J22-PR5W-6GQ8 vulnerabilities

Vulnerabilities for packages: ruby3.4-rails...

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

Exploit for Exposure of Resource to Wrong Sphere in Linuxfoundation Containerd

ZipSlip Container Escape Vulnerability in containerd CVE...

Exploit for Exposure of Resource to Wrong Sphere in Linuxfoundation Containerd

ZipSlip Container Escape Vulnerability in containerd CVE...

Incorrect Authorization

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization via the callback handling process. An attacker can gain unauthorized access to callback functionality by sending speciall...

GHSA-R4FJ-R33X-8V88 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`

Summary A GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code execution on the runner. Details The workflow is triggered by issuecomment, which can be controlled by external users. In the...

Command Injection

Overview wenxian is a Generate references. Affected versions of this package are vulnerable to Command Injection via the github.event.comment.body input in the GitHub Actions workflow. An attacker can execute arbitrary shell commands on the CI runner by posting crafted comments to issues, leading...

wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`

Summary A GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code execution on the runner. Details The workflow is triggered by issuecomment, which can be controlled by external users. In the...

GHSA-VCHX-5PR6-FFX2 vulnerabilities

Vulnerabilities for packages: k3s...

PT-2026-28615

Name of the Vulnerable Software and Affected Versions njzjz/wenxian affected versions not specified Description A command injection flaw exists in a GitHub Actions workflow due to the direct use of untrusted user input from issue comment.body within a shell command. The workflow is triggered by...

GHSA-6FMV-XXPF-W3CW vulnerabilities

Vulnerabilities for packages: gradle, confluent-kafka-jre-bcfips, leiningen, maven, akhq, druid, gradle-stage0, maven-stage0, apache-camel-karavan-devmode, confluent-kafka, dependency-track, dependency-track-apiserver, clojure-tools, wso2is, maven-ecosystems-test, kafka, kafka-fips...

CVE-2026-33029

creationtimestamp| type| source ---|---|--- 2026-03-28 03:20:34+00:00| published-proof-of-concept| https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-cp8r-8jvw-v3qg...

CVE-2026-33027

creationtimestamp| type| source ---|---|--- 2026-03-28 03:19:28+00:00| published-proof-of-concept| https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-m8p8-53vf-8357...

GHSA-8C4J-F57C-35CF

creationtimestamp| type| source ---|---|--- 2026-03-27 23:28:03+00:00| seen| Telegram/EI25wC4yN3TaatXDJQ6U03Lar3nhYMfqPNXio5Iaw2cNO8...

GHSA-RWCR-RPCC-3G9M

creationtimestamp| type| source ---|---|--- 2026-03-27 21:23:14+00:00| published-proof-of-concept| Telegram/B1-lnNSHplGL4tzlck3EB0WXwjfJllp4cXItiyc0oKB0vU...

GHSA-4GMR-2VC8-7QH3

creationtimestamp| type| source ---|---|--- 2026-03-27 21:23:14+00:00| published-proof-of-concept| Telegram/B1-lnNSHplGL4tzlck3EB0WXwjfJllp4cXItiyc0oKB0vU...