Lucene search

29580 matches found

Circl
added 2026/03/09 8:33 a.m. | 2 views

CVE-2026-31861

creationtimestamp | type | source
---|---|---
2026-03-09 08:33:47+00:00 | published-proof-of-concept | https://github.com/siteboon/claudecodeui/security/advisories/GHSA-7fv4-fmmc-86g2...

8.8 CVSS | 5.8 AI score | 0.06034 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/09 12:00 a.m. | 3 views

PT-2026-24150

Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 10.0.19. Description: OneUptime’s GitHub App callback does not properly validate the state and installation id values received from a user, allowing an attacker to overwrite another project's GitHub App installation...

8.6 CVSS | 5.9 AI score | 0.00196 EPSS
Exploits: 1 | References: 22
Circl
added 2026/03/08 5:27 p.m. | 5 views

CVE-2026-30964

creationtimestamp | type | source
---|---|---
2026-03-08 17:27:32+00:00 | published-proof-of-concept | https://github.com/web-auth/webauthn-framework/security/advisories/GHSA-f7pm-6hr8-7ggm...

5.4 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/07 7:31 p.m. | 3 views

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent, e.g., via prompt injection through repository files, MCP server...

7.5 CVSS | 6.3 AI score | 0.00363 EPSS
Exploits: 1 | References: 1
Fedora
added 2026/03/07 3:33 a.m. | 5 views

[SECURITY] Fedora 42 Update: gh-2.87.3-1.fc42

A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...

7.5 CVSS | 5.8 AI score | 0.00586 EPSS
Exploits: 2
vulnersOsv
added 2026/03/07 2:37 a.m. | 2 views

2sio (>=0.1.0 <=0.1.5), 4mica-x402 (>=0.1.0 <=1.2.3) +49 more potentially affected by unknown CVE via x402 (>=0.2.1 <=2.12.0)

x402 PYPI version =0.2.1, =0.1.0, =0.1.0, =0.2.0, =1.0.0, =0.0.15, =0.3.14, =0.1.0, =0.1.1, =0.7.0, =0.5.4, =0.1.0, =0.1.0, =0.3.0, =0.3.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QR2G-P6Q7-W82M...

5.5 AI score
Exploits: 0
OSV
added 2026/03/07 2:32 a.m. | 2 views

GHSA-V53H-F6M7-XCGM Black's vulnerable version parsing leads to RCE in GitHub Action

Impact: Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. Th...

8.7 CVSS | 6.3 AI score | 0.0046 EPSS
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/07 2:32 a.m. | 5 views

Black's vulnerable version parsing leads to RCE in GitHub Action

Impact: Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. Th...

9.8 CVSS | 6.3 AI score | 0.0046 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2026/03/07 12:00 a.m. | 3 views

Fedora 42 : prometheus (2026-c9fb6d2b76)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c9fb6d2b76 advisory. Rename from golang-github-prometheus and upgrade to 3.10.0. Tenable has extracted the preceding description block directly from the Fedora security...

7.5 CVSS | 6.8 AI score | 0.00586 EPSS
Exploits: 1 | References: 9
Positive Technologies
added 2026/03/07 12:00 a.m. | 3 views

PT-2026-24654

Name of the Vulnerable Software and Affected Versions: Black versions prior to 26.3.0. Description: Black is a Python code formatter that provides a GitHub action for code formatting. The action supports an option, use_pyproject: true, to read the Black version from the repository's pyproject.toml...

9.8 CVSS | 6.4 AI score | 0.0046 EPSS
Exploits: 0 | References: 22
Github Security Blog
added 2026/03/06 9:09 p.m. | 22 views

How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework

For the last few months, we've been using the GitHub Security Lab Taskflow Agent along with a new set of auditing taskflows that specialize in finding web security vulnerabilities. They also turn out to be very successful at finding high-impact vulnerabilities in open source projects. As security...

6.6 AI score
Exploits: 0
Circl
added 2026/03/06 8:09 p.m. | 2 views

GHSA-P6PV-Q7RC-G4H9

creationtimestamp | type | source
---|---|---
2026-03-06 20:09:04+00:00 | seen | https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/...

5.8 AI score
Exploits: 0 | References: 1
Circl
added 2026/03/06 8:09 p.m. | 2 views

GHSA-Q45J-X3CJ-GJVQ

creationtimestamp | type | source
---|---|---
2026-03-06 20:09:04+00:00 | seen | https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/...

5.8 AI score
Exploits: 0 | References: 1
Circl
added 2026/03/06 8:09 p.m. | 3 views

GHSA-C8XF-3J86-7686

creationtimestamp | type | source
---|---|---
2026-03-06 20:09:04+00:00 | seen | https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/...

5.8 AI score
Exploits: 0 | References: 1
Circl
added 2026/03/06 8:09 p.m. | 2 views

GHSA-87FH-RC96-6FR6

creationtimestamp | type | source
---|---|---
2026-03-06 20:09:04+00:00 | seen | https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/...

5.8 AI score
Exploits: 0 | References: 1
Circl
added 2026/03/06 8:09 p.m. | 3 views

GHSA-W6VW-MRGV-69VF

creationtimestamp | type | source
---|---|---
2026-03-06 20:09:04+00:00 | seen | https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/
2026-03-10 23:10:58+00:00 | seen | ...

4.8 AI score
Exploits: 0 | References: 2
Circl
added 2026/03/06 8:09 p.m. | 5 views

CVE-2025-15033

creationtimestamp | type | source
---|---|---
2026-03-06 20:09:04+00:00 | seen | https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/...

6.5 CVSS | 5.8 AI score | 0.00291 EPSS
Exploits: 0 | References: 1
Circl
added 2026/03/06 6:40 p.m. | 1 views

GHSA-C9V3-4PV7-87PR

creationtimestamp | type | source
---|---|---
2026-03-06 18:40:06+00:00 | seen | https://gist.github.com/alon710/a8817b46e521d68e9ffadb12fd700261...

5.8 AI score
Exploits: 0 | References: 1
HackRead
added 2026/03/06 5:02 p.m. | 10 views

900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks

A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub...

5.8 AI score
Exploits: 0
Snyk
added 2026/03/06 4:43 p.m. | 2 views

Command Injection

Overview: @github/copilot is the GitHub Copilot CLI, which brings the power of Copilot coding agent directly to your terminal. Affected versions of this package are vulnerable to Command Injection via crafted bash parameter expansion patterns in the shell command assessment process. An attacker can execute...

7.5 CVSS | 6.1 AI score | 0.00363 EPSS
Exploits: 1 | References: 2