7 matches found

EUVD
added 2026/05/19 7:49 p.m. | 6 views

EUVD-2026-30553

Trubo: Login callback CSRF/session fixation...

CVSS 6.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2
OSV
added 2026/05/19 7:49 p.m. | 6 views

GHSA-HCF7-66RW-9F5R Trubo: Login callback CSRF/session fixation

Impact: Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the...

CVSS 5.1 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 3
Github Security Blog
added 2026/05/19 7:49 p.m. | 9 views

Trubo: Login callback CSRF/session fixation

Impact: Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/05/15 4:16 p.m. | 7 views

CVE-2026-45773

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

CVSS 6.5 | EPSS 0.00016
Exploits: 0 | References: 1
Cvelist
added 2026/05/15 3:51 p.m. | 39 views

CVE-2026-45773 Turborepo: Login callback CSRF/session fixation

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

CVSS 5.1 | EPSS 0.00016
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/15 3:51 p.m. | 8 views

CVE-2026-45773

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

CVSS 5.1 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/05/15 12:0 a.m. | 8 views

PT-2026-41312

Name of the Vulnerable Software and Affected Versions: Turborepo versions prior to 2.9.14. Description: Turborepo is a high-performance build system for JavaScript and TypeScript codebases. The self-hosted login and SSO browser flows fail to validate a CSRF (Cross-Site Request Forgery) state value on...

CVSS 6.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 5