29580 matches found
Unpacking Security Scanners for GitHub Actions Workflows
GitHub Actions is a widely used platform that allows developers to automate the build and deployment of their projects through configurable workflows. As the platform's popularity continues to grow, it has become a target of choice for recent software supply chain attacks. These attacks exploit...
GHSA-GFW2-4JVH-WGFG
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-19 23:20:05+00:00 | seen | https://gist.github.com/konard/0d69c914be52c3cee3437d4858b1c259... |
PYSEC-2024-250
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-19 11:35:26+00:00 | seen | https://gist.github.com/konard/d776e828509d5f2e3644437ac5400628 |
| 2026-01-19 11:37:28+00:00 | seen | https://gist.github.com/konard/042845fbf63e049778752df088c0c9e4 |
| 2026-01-19 11:37:35+00:00 | seen | ... |
CVE-2026-23845
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-18 08:34:24+00:00 | published-proof-of-concept | https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j... |
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security...
CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories - including the JavaScript SDK powering the AWS Console...
CVE-2019-12935
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-15 07:49:49+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-12935.yaml |
| 2026-01-15 21:03:00+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mciiae22bv22... |
GHSA-7RF3-MQPX-H7XG vulnerabilities
Vulnerabilities for packages: druid...
GHSA-9WPJ-H5JQ-88P9 vulnerabilities
Vulnerabilities for packages: redis...
GO-2025-4251 Ollama has missing authentication enabling attackers to perform model management operations in github.com/ollama/ollama
Ollama has missing authentication enabling attackers to perform model management operations in github.com/ollama/ollama...
CVE-2020-9039
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-14 19:04:28+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-9039.yaml |
| 2026-01-15 21:03:01+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mciiaea53b2b... |
GHSA-VH2P-4GFM-V9V7 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-azure, linux-aws, linux-qemu, linux-vmware...
CVE-2026-22869
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target trigger combined with checkout of untrusted PR...
CVE-2026-22869
Eigent’s CVE-2026-22869 affects its CI workflow (.github/workflows/ci.yml) used in the Eigent multi‑agent Workforce. The vulnerability arises from using the pull_request_target trigger in combination with checking out untrusted PR code, enabling arbitrary code execution from fork pull requests wi...
@cenk1cenk2/renovate-config (>=2.0.0 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +8 more potentially affected by unknown CVE via renovate (>=32.241.11 <=42.66.1)
renovate NPM version =32.241.11, =2.0.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-PFQ2-HH62-7M96...
CVE-2026-20944
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-13 18:01:16+00:00 | seen | https://www.thezdi.com/blog/2026/1/13/the-january-2026-security-update-review |
| 2026-01-13 18:17:02+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115889158303083604 |
| 2026-01-13 18:18:45+00:00 | seen | ... |
CVE-2026-20957
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-13 18:01:16+00:00 | seen | https://www.thezdi.com/blog/2026/1/13/the-january-2026-security-update-review |
| 2026-01-13 18:18:45+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2026-0010 |
| 2026-01-13 19:01:58+00:00 | seen | ... |
GO-2026-4297 Mattermost Server has intermittent Authorization bypass for resource-owners in github.com/mattermost/mattermost-server
Mattermost Server has intermittent Authorization bypass for resource-owners in github.com/mattermost/mattermost-server...
GO-2026-4303 Mattermost Server is vulnerable CSV Injection in github.com/mattermost/mattermost-server
Mattermost Server is vulnerable CSV Injection in github.com/mattermost/mattermost-server...
GHSA-MQW7-C5GG-XQ97
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-13 14:36:18+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115888290409404878... |