29580 matches found
PT-2026-5388
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull request target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access t...
GHSA-WV3H-X6C4-R867 vulnerabilities
Vulnerabilities for packages: keycloak...
GHSA-V2VR-926Q-29FR vulnerabilities
Vulnerabilities for packages: openssl...
GHSA-RHX3-FG8P-F9M4 vulnerabilities
Vulnerabilities for packages: openssl...
GHSA-3MXV-473P-H624 vulnerabilities
Vulnerabilities for packages: ffmpeg...
CVE-2026-24910
In Bun before 1.3.5, the default trusted dependencies list aka trust allow list can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception via the oneflow.logicalor function. An attacker can cause the application to crash by submitting specially crafted input. Remediation There is no fixed version for oneflow. References - GitHub Issue Credit: Daisy2ang...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the arange function. An attacker can cause the application to become unresponsive or crash by submitting specially crafted input. Remediation There is no fixed version for oneflow...
GHSA-PGJQ-PWJV-WJPX vulnerabilities
Vulnerabilities for packages: kibana...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the flow.cuda.BoolTensor component when processing crafted input. An attacker can cause the application to crash or become unresponsive by submitting specially crafted data...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the flow.columnstack component. An attacker can cause the application to crash by submitting specially crafted input. Remediation There is no fixed version for oneflow. References - GitHub Issue Credit: Daisy2ang...
Division by zero
Overview Affected versions of this package are vulnerable to Division by zero in the flow.floordivide function. An attacker can cause the application to crash or become unresponsive by providing a specially crafted input tensor containing a zero value. Remediation There is no fixed version for...
GHSA-HFPW-X3FG-WMMG vulnerabilities
Vulnerabilities for packages: python...
GHSA-R92C-9C7F-3PJ8 vulnerabilities
Vulnerabilities for packages: opentofu...
GHSA-7XVX-8PF2-PV5G
creationtimestamp| type| source ---|---|--- 2026-01-28 03:27:20+00:00| seen| https://bsky.app/profile/cyber-news-fi.bsky.social/post/3mdhdcleuyh2d...
GHSA-J65R-8HRG-QC6X vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-9JWR-P39P-HWG2 vulnerabilities
Vulnerabilities for packages: nodejs...
SUSE CVE-2026-24480
QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...
GitHub: Add labels to arbitrary issues/prs & compromise github actions label checks
A vulnerability was identified that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value updates were applied without verifying the actor's...
CVE-2026-24910
CVE-2026-24910 affects Bun prior to 1.3.5. The issue: the default trusted dependencies list (trust allow list) can be spoofed by a non-npm package when a name matches an existing trusted dependency, across file, link, git, or GitHub sources. Reported impacts include potential manipulation of the ...