GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21.1 of GitHub Enterprise Server, there was a security...

CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

CVE-2026-8606

A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...

CVE-2026-8606

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

EUVD-2026-32025

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

CVE-2026-3515

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

GHSA-Q8MJ-M7CP-5Q26 vulnerabilities

Vulnerabilities for packages: json-server, sqlpad, code-server, thingsboard, renovate, tileserver-gl, prism, opensearch-dashboards, kubeflow-pipelines, kubeflow-centraldashboard, argo-workflows, langfuse, saf...

WordPress Github Shortcode plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Github Shortcode versions = 0.1...

-GodSearch

󰓾 GodSearch v20.0 — THE SOVEREIGN 💀 Universal Exploit Sear...

GodSearch

󰓾 GodSearch v20.0 — THE SOVEREIGN 💀 Universal Exploit Sear...

EUVD-2026-31902

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

CVE-2026-45162

creationtimestamp| type| source ---|---|--- 2026-05-26 14:09:06+00:00| published-proof-of-concept| https://github.com/pimcore/pimcore/security/advisories/GHSA-36fc-7wjg-mfvj...

CVE-2026-45704

creationtimestamp| type| source ---|---|--- 2026-05-26 14:01:06+00:00| published-proof-of-concept| https://github.com/pimcore/pimcore/security/advisories/GHSA-jwcc-gv4m-93x6...

CVE-2026-27384

creationtimestamp| type| source ---|---|--- 2026-05-26 09:00:05+00:00| seen| https://t.me/GithubRedTeam/85938 2026-05-27 21:10:45+00:00| seen| Telegram/GF77XqZ1LHaWDL2kD1JemKeP32DvhHpTDQqckw5Eq33XXvc...

MAL-2026-4793 Malicious code in vxui-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4af2c5e995ae069d3037f1310d055fac142dd6bb2ccd5ecb7e7f9a518e8022f0 On npm install, package.json's postinstall script runs curl -skL...

CVE-2026-49396

creationtimestamp| type| source ---|---|--- 2026-05-26 07:31:03+00:00| published-proof-of-concept| https://github.com/nezhahq/nezha/security/advisories/GHSA-8qhj-4f8c-j8qg...

CVE-2026-9520

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

EUVD-2026-31781

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

MAL-2026-4482 Malicious code in arnext (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d689a27b5cc929562b684a7181549d3770de331a9f57120881d8060294b6e5f package.json declares "preinstall": "./vendor/setup", which runs a 976,568-byte Linux ELF binary on every npm install. The package's stated purpose i...