EUVD-2026-32675

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

UserSpice 安全漏洞

UserSpice is an open-source PHP framework for user management and identity authentication. Version 4.3.24 of UserSpice contains a security vulnerability that stems from username enumeration. This vulnerability could allow unauthenticated attackers to discover valid usernames by sending POST...

inngest-js 信息泄露漏洞

Inngest-js is an open-source framework developed by Inngest, designed to support various serverless platforms. It serves as a reliable event-driven and background task execution framework. Versions 3.22.0 to 3.53.1 of Inngest-js contain a vulnerability related to information leakage. This...

ktransformers 代码问题漏洞

KTransformers is an open-source framework for CPU-GPU heterogeneous large-scale inference and fine-tuning developed by kvcache.ai. Versions of KTransformers 0.5.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the balanceserve backend...

AVISE: Framework for Evaluating the Security of AI Systems

As artificial intelligence AI systems are increasingly deployed across critical domains, their security vulnerabilities pose growing risks of high-profile exploits and consequential system failures. Yet systematic approaches to evaluating AI security remain underdeveloped. In this paper, we...

agno 安全漏洞

Agno is an open-source full-stack framework developed by Agno for building multi-agent systems with memory, knowledge, and reasoning capabilities. Versions of Agno prior to 2.3.24 contained a security vulnerability, which was caused by improper handling of the fieldtype parameter in the model...

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a security vulnerability. This vulnerability stemmed from the deleteapikeyroute endpoint, which did not verify the ownership of the...

elysia 安全漏洞

Elysia is an open-source framework developed by Elysia. Versions of Elysia prior to 1.4.27 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that Elysia cookies could be contaminated by prototype pollution, which could lead to security issues...

How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework

For the last few months, we've been using the GitHub Security Lab Taskflow Agent along with a new set of auditing taskflows that specialize in finding web security vulnerabilities. They also turn out to be very successful at finding high-impact vulnerabilities in open source projects. As security...

CVE-2025-15033

creationtimestamp| type| source ---|---|--- 2026-03-06 20:09:04+00:00| seen| https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/...

GHSA-C8XF-3J86-7686

creationtimestamp| type| source ---|---|--- 2026-03-06 20:09:04+00:00| seen| https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/...

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence AI deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These...

GPAC Stack Buffer Overflow Vulnerability

GPAC is an open source multimedia framework. GPAC suffers from a stack buffer overflow vulnerability that stems from the dmxsaf function failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a denial of service...

GHSA-C944-CV5F-HPVR

creationtimestamp| type| source ---|---|--- 2026-01-14 17:45:09+00:00| seen| https://github.blog/security/community-powered-security-with-ai-an-open-source-framework-for-security-research/...

CVE-2022-23590

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

abp 安全漏洞

abp is an ABP open source web application framework. A security vulnerability exists in abp version 5.1.0 through versions prior to 10.0.0-rc.2, which stems from failure to properly validate the returnUrl parameter, which could result in a redirect to an arbitrary external domain...

EUVD-2021-1353

Malware in sbrugna...

EUVD-2023-1744

Malicious code in bioql PyPI...

EUVD-2024-1202

Malicious code in bioql PyPI...

EUVD-2022-6514

Malicious code in bioql PyPI...