29584 matches found
GHSA-G9XM-7538-MQ8W
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-29 21:01:14+00:00 | seen | https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/... |
GHSA-X44P-GVRJ-PJ2R vulnerabilities
Vulnerabilities for packages: apache-nifi...
CVE-2025-68951
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-29 10:11:32+00:00 | published-proof-of-concept | https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-jv8r-hv7q-p6vc... |
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-hulud supply chain attacks. The malware functions as a self-replicating worm that spreads via npm dependencies to compromise developer environments;...
CVE-2018-10245
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-29 02:52:17+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2018/CVE-2018-10245.yaml |
| 2025-12-30 21:02:57+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mbaarkwihw2f... |
Securing the AI Supply Chain: What Can We Learn from Developer-Reported Security Issues and Solutions of AI Projects?
The rapid growth of Artificial Intelligence (AI) models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known...
Exploit for Insufficient Type Distinction in Rarlab Winrar
CVE Exploit Finder Author: Your Name/Handle Focus: Automated V...
intel-opencl-poc
Intel OpenCL PoC...
GHSA-R399-636X-V7F6
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-23 23:11:55+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115771409372144460... |
GHSA-R5QP-7H29-V42W vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2025-67743
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-22 23:48:26+00:00 | published-proof-of-concept | https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-9c54-gxh7-ppjc... |
GO-2025-4247 Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost
Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GO-2025-4243 Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk
Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk...
GO-2025-4250 Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go
Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go...
CVE-2024-28200
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-22 18:10:48+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-28200.yaml |
| 2025-12-24 21:02:56+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mar5xz5owc23... |
CVE-2015-8350
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-22 01:17:33+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2015/CVE-2015-8350.yaml |
| 2025-12-23 21:02:55+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3maonj35a2i2f... |
Malicious code in github-badge-bot (npm)
Source: amazon-inspector 8f427bc7bcd3bfb173311bffdab461e2c6fc5350dc9ab3f7dc5e9a4ef6d16728 The package github-badge-bot was found to contain malicious code. Source: ghsa-malware f87cd6af8d38dd37db1b6aca4f637451fe3303fa73ed0705216e3711bc4d01...
MAL-2026-46 Malicious code in github-badge-bot (npm)
Source: amazon-inspector 8f427bc7bcd3bfb173311bffdab461e2c6fc5350dc9ab3f7dc5e9a4ef6d16728 The package github-badge-bot was found to contain malicious code. Source: ghsa-malware f87cd6af8d38dd37db1b6aca4f637451fe3303fa73ed0705216e3711bc4d01...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
AI Code in the Wild: Measuring Security Risks and Ecosystem Shifts of AI-Generated Code in Modern Software
Large language models (LLMs) for code generation are becoming integral to modern software development, but their real-world prevalence and security impact remain poorly understood. We present the first large-scale empirical study of AI-generated code (AIGCode) in the wild. We build a high-precision...