GHSA-GJ6X-Q8RH-WJ6X

creationtimestamp| type| source ---|---|--- 2026-02-27 00:10:19+00:00| seen| https://gist.github.com/alon710/8f17f9c15768fb9e715dace4af33516b...

CVE-2026-27701

LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's i18n-update-pull GitHub Actions workflow is vulnerable to JavaScript injection. The title of the Pull Request associated with the triggering issue comment is interpolated...

CVE-2026-27638

creationtimestamp| type| source ---|---|--- 2026-02-26 22:04:01+00:00| published-proof-of-concept| https://github.com/actualbudget/actual/security/advisories/GHSA-qmjj-p7m9-wjrv...

User Impersonation

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the GitHub Webhook Trigger component. An attacker can trigger unauthorized workflow executions by sending unsigned POST requests to the webhook endpoint, thereby injecting...

n8n: Webhook Forgery on Github Webhook Trigger

Impact An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliverie...

GHSA-WXX7-MCGF-J869

creationtimestamp| type| source ---|---|--- 2026-02-26 07:10:19+00:00| seen| https://gist.github.com/alon710/701a60f9f2d4887df5a419fe55913115 2026-02-26 18:09:12+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/n8n-security-advisory-av26-176 2026-02-27 03:31:16+00:00| seen|...

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

CVE-2026-27938

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

GHSA-XH43-G2FQ-WJRJ

creationtimestamp| type| source ---|---|--- 2026-02-26 02:10:19+00:00| seen| https://gist.github.com/alon710/1371fd3ef3a3abfae5e6b307e565141d...

GHSA-X288-3778-4HHX

creationtimestamp| type| source ---|---|--- 2026-02-26 01:40:19+00:00| seen| https://gist.github.com/alon710/53d0a446648e9dbad6bc94a3baf5290b...

CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

EUVD-2026-8804

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

CVE-2026-27941

OpenLIT prior to v1.37.1 used GitHub Actions workflows that employed pull_request_target to check out and run untrusted code from forks. This created a risk where workflows executed with the security context of the base repository, including a write-privileged GITHUB_TOKEN and sensitive secrets (...

CVE-2026-27938

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

CVE-2026-27938 WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

CVE-2026-27938

The CVE-2026-27938 entry documents a command injection flaw in the WPGraphQL repository (wp-graphql/wp-graphql) prior to version 2.9.1, stemming from an unsafe use of ${{ github.event.pull_request.body }} inside the release.yml shell run block. When a PR from develop to master is merged, the PR b...

CVE-2026-27938 WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

WordPress plugin WPGraphQL 操作系统命令注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

OpenLIT 安全漏洞

OpenLIT is an open-source language model development tool developed by OpenLIT. Versions of OpenLIT prior to 1.37.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of the pullrequesttarget event in GitHub Actions workflows, allowing for the execution of untrusted...