29537 matches found
CVE-2026-44971 GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...
CVE-2026-44971
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...
CVE-2026-44971 GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...
CVE-2026-48925
A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...
EUVD-2026-32516
A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...
CVE-2026-48925
CVE-2026-48925 is a CSRF vulnerability in the Jenkins GitHub Integration Plugin, affected
CVE-2026-48925
A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...
CVE-2026-46439
creationtimestamp| type| source ---|---|--- 2026-05-27 11:43:24+00:00| published-proof-of-concept| https://github.com/oscal-compass/compliance-trestle/security/advisories/GHSA-gg2g-p7xc-qqmm...
CVE-2026-46380
creationtimestamp| type| source ---|---|--- 2026-05-27 11:42:06+00:00| published-proof-of-concept| https://github.com/oscal-compass/compliance-trestle/security/advisories/GHSA-w76h-q7c6-jpjp...
CVE-2026-45774
creationtimestamp| type| source ---|---|--- 2026-05-27 11:39:59+00:00| published-proof-of-concept| https://github.com/oscal-compass/compliance-trestle/security/advisories/GHSA-mj4x-vf5c-5xg8...
CVE-2026-8042
The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-8042
The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-8042
The CVE concerns the WordPress plugin “Github Shortcode.” All versions up to 0.1 are affected by a Stored Cross-Site Scripting (Stored XSS) in the github shortcode via the repo attribute due to insufficient input sanitization and output escaping. An authenticated attacker with Contributor-level a...
CVE-2026-8042 Github Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-8042 Github Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2026-32118
The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
GHSA-HV9P-2PQF-R5W3 vulnerabilities
Vulnerabilities for packages: pgadmin4...
CVE-2026-25879
creationtimestamp| type| source ---|---|--- 2026-05-27 00:56:21+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-mxfr-6hcw-j9rq 2026-06-02 01:02:14+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnbfibhj362a...
CVE-2026-9312
A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal content into request...
CVE-2026-8606
A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...