29545 matches found
CVE-2026-47708

creationtimestamp | type | source
---|---|---
2026-05-19 16:51:59+00:00 | published-proof-of-concept | https://github.com/SepineTam/mcp-for-stata/security/advisories/GHSA-4p62-hqp5-g644...

GHSA-F9F8-RM49-7JV2 GitHub Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
Summary: Composer leaks the full contents of tokens configured as GitHub OAuth tokens to stderr if they do not match Composer's expected format for such tokens. GitHub has introduced a new format for GitHub Actions GITHUB_TOKEN values. These tokens are validated in the same way by Composer on GitHu...
GHSA-XMPW-2VMM-P4P6 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
Impact: On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...
CVE-2026-47671

creationtimestamp | type | source
---|---|---
2026-05-19 11:17:06+00:00 | published-proof-of-concept | https://github.com/nhost/nhost/security/advisories/GHSA-64cj-qvx5-m4f3...

CVE-2026-47423

creationtimestamp | type | source
---|---|---
2026-05-19 09:26:54+00:00 | published-proof-of-concept | https://github.com/cure53/DOMPurify/security/advisories/GHSA-87xg-pxx2-7hvx
2026-06-04 11:02:16+00:00 | seen | https://t.me/GithubRedTeam/87264...

CVE-2026-47429

creationtimestamp | type | source
---|---|---
2026-05-19 09:24:23+00:00 | published-proof-of-concept | https://github.com/vitest-dev/vitest/security/advisories/GHSA-5xrq-8626-4rwp
2026-06-07 23:20:25+00:00 | seen | https://bsky.app/profile/securitylab-jp.bsky.social/post/3mnqcloetts2r...

CVE-2026-47428

creationtimestamp | type | source
---|---|---
2026-05-19 09:23:47+00:00 | published-proof-of-concept | https://github.com/vitest-dev/vitest/security/advisories/GHSA-2h32-95rg-cppp...

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console version 18.95.0, a popular user interface and plugin for code editors like VS Code,...
CVE-2026-47399

creationtimestamp | type | source
---|---|---
2026-05-19 06:35:47+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6h6v-6m7w-7vxx...

CVE-2026-47391

creationtimestamp | type | source
---|---|---
2026-05-19 06:35:04+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-vg22-4gmj-prxw...

CVE-2026-47398

creationtimestamp | type | source
---|---|---
2026-05-19 06:35:03+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-78r8-wwqv-r299...

CVE-2026-47397

creationtimestamp | type | source
---|---|---
2026-05-19 06:35:00+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-hvhp-v2gc-268q...

CVE-2026-47396

creationtimestamp | type | source
---|---|---
2026-05-19 06:34:59+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-86qc-r5v2-v6x6...

CVE-2026-47394

creationtimestamp | type | source
---|---|---
2026-05-19 06:34:57+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cr9-25q5-8prj...

CVE-2026-47392

creationtimestamp | type | source
---|---|---
2026-05-19 06:34:53+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4mr5-g6f9-cfrh...

CVE-2026-46681

creationtimestamp | type | source
---|---|---
2026-05-19 06:24:42+00:00 | published-proof-of-concept | https://github.com/nevware21/ts-utils/security/advisories/GHSA-x7j8-49r8-mr43...

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has...
Malicious code in @antv/gl-matrix (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/f2-vue (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...