29520 matches found
CVE-2026-52880
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 10:32:57+00:00 | published-proof-of-concept | https://github.com/klever-io/klever-go/security/advisories/GHSA-w4c6-7r69-w7j9... |
CVE-2026-52879
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 10:32:40+00:00 | published-proof-of-concept | https://github.com/klever-io/klever-go/security/advisories/GHSA-hf2g-6j7h-98wg... |
CVE-2026-47249
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 10:30:29+00:00 | published-proof-of-concept | https://github.com/klever-io/klever-go/security/advisories/GHSA-w342-mj6g-v9c4... |
GHSA-HPFW-MQM3-33JH vulnerabilities
Vulnerabilities for packages: uutils...
GO-2026-4960 Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server
Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server...
CVE-2026-8206
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-01 20:00:04+00:00 | seen | https://t.me/GithubRedTeam/86883 |
| 2026-06-01 23:00:14+00:00 | seen | Telegram/WmCsGmCxw3llm8l2PpPL4TbSd7NmUffJbXR2OZgq87qhTE |
| 2026-06-02 04:30:27+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mnbr4mqu6h2j... |
GHSA-35JP-WW65-95WH vulnerabilities
Vulnerabilities for packages: librechat, unleash, langfuse, kibana, lerna, redisinsight, opensearch-dashboards-fips, prism, jitsucom-jitsu, kubeflow-centraldashboard, opensearch-dashboards, langfuse-fips...
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of...
CVE-2026-45131
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...
CVE-2026-45131
CloudPirates Open Source Helm Charts are affected by a vulnerability in the GitHub Actions pull-request.yaml workflow where attacker-controlled code from fork pull requests could run in a privileged context, exposing repository secrets (e.g., Docker Hub credentials/tokens). The issue precedes com...
CVE-2026-45131 CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...
CVE-2026-45132
CVE-2026-45132 concerns CloudPirates Open Source Helm Charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposed sensitive credentials—Personal Access Token and an SSH signing key—to fork-controlled code due to unsafe checkout and credential handling practices. The...
CVE-2026-45132 CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials (Personal Access Token and SSH signing key) to fork-controlled code due to unsafe checkout and credential handling practices. Th...
CVE-2026-45803
A flaw was found in GitHub CLI. A remote attacker who can influence GitHub Actions workflow log output could inject terminal escape sequences into workflow logs. When a user views these logs using gh run view --log or gh run view --log-failed, the injected sequences may be replayed by the user's...
GHSA-3PV8-6F4R-FFG2 vulnerabilities
Vulnerabilities for packages: bootc, litmus, zizmor, wasm-pack, sccache, wasmcloud, deno, buck2, cargo-c, qdrant, rustup, fnm, rye, typst, cleave...
Malicious Package
Overview cms-github is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in cms-github (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0c5fca13510452946e5210125e75436d171401f46ce7f1e36e32c266e2cbc41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5107 Malicious code in cms-github (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0c5fca13510452946e5210125e75436d171401f46ce7f1e36e32c266e2cbc41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...