29580 matches found
CVE-2026-25761 Command injection via crafted filenames in Super-linter Action
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25598
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action Community Tier that allows outbound network connections to evade audit logging. Specifically, outbound traffi...
CVE-2026-25491
creationtimestamp| type| source
---|---|---
2026-02-09 18:04:34+00:00| published-proof-of-concept| https://github.com/craftcms/cms/security/advisories/GHSA-7pr4-wx9w-mqwr...

CVE-2026-25492
creationtimestamp| type| source
---|---|---
2026-02-09 18:01:35+00:00| published-proof-of-concept| https://github.com/craftcms/cms/security/advisories/GHSA-96pq-hxpw-rgh8...

GHSA-R79C-PQJ3-577X Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action
Summary: The Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull request that introduces a file whose name contains shell command substitution syntax, such as $.... In...
Harden-Runner security vulnerability
Harden-Runner is an open-source program from StepSecurity. It provides network egress filtering and runtime security for both GitHub-hosted and self-hosted runners. Versions of Harden-Runner prior to 2.14.2 contained security vulnerabilities. These vulnerabilities allowed outbound network connections to...
PT-2026-7152
Name of the Vulnerable Software and Affected Versions: Super-linter versions 6.0.0 through 8.3.0
Description: Super-linter is susceptible to command injection through specially crafted filenames. When used in GitHub Actions workflows, an attacker submitting a pull request with a file containing she...
CVE-2026-25479
creationtimestamp| type| source
---|---|---
2026-02-08 13:38:24+00:00| published-proof-of-concept| https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4...

GHSA-MHG7-666J-CQG4
creationtimestamp| type| source
---|---|---
2026-02-08 04:40:05+00:00| seen| https://gist.github.com/alon710/7bbde07266f0ce6a4608d33da3c417d3...

GHSA-4Q92-RFM6-2CQX
creationtimestamp| type| source
---|---|---
2026-02-08 03:40:06+00:00| seen| https://gist.github.com/alon710/1c6b06029608bb23418dcb4699619f4d...

GHSA-W67G-2H6V-VJGQ
creationtimestamp| type| source
---|---|---
2026-02-08 02:40:05+00:00| seen| https://gist.github.com/alon710/77fa3cb54e25b561e55732fa7bee4e36...

CVE-2025-11368
creationtimestamp| type| source
---|---|---
2026-02-07 20:59:54+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-11368.yaml
2026-04-03 21:02:37+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mimmlfuquk2p...

CVE-2025-32257
creationtimestamp| type| source
---|---|---
2026-02-07 06:32:17+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-32257.yaml
2026-02-11 21:03:09+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3memetafx352k
2026-04-03...

PT-2026-6908
Name of the Vulnerable Software and Affected Versions: Harden-Runner versions prior to 2.14.2
Description: Harden-Runner, a CI/CD security agent functioning as an EDR for GitHub Actions runners, contained a security issue where outbound network connections could bypass audit logging. Specifically,...
GHSA-P6X6-9MX6-26WJ
creationtimestamp| type| source
---|---|---
2026-02-06 18:10:05+00:00| seen| https://gist.github.com/alon710/4df0dc54735b275488bf3aa51c4b4e68...

CVE-2026-24416
creationtimestamp| type| source
---|---|---
2026-02-06 16:47:53+00:00| published-proof-of-concept| https://github.com/devcode-it/openstamanager/security/advisories/GHSA-p864-fqgv-92q4...

CVE-2026-24418
creationtimestamp| type| source
---|---|---
2026-02-06 16:47:32+00:00| published-proof-of-concept| https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4xwv-49c8-fvhq...

CVE-2026-24419
creationtimestamp| type| source
---|---|---
2026-02-06 16:47:10+00:00| published-proof-of-concept| https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4j2x-jh4m-fqv6...

CVE-2024-12724
creationtimestamp| type| source
---|---|---
2026-02-06 16:21:41+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-12724.yaml...

CVE-2026-1337
creationtimestamp| type| source
---|---|---
2026-02-06 15:31:03+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-xr72-g735-4vwp...