2 matches found
CVE-2026-44723
CVE-2026-44723 affects Vowpal Wabbit. The issue arises in the GitHub workflow .github/workflows/python_checks.yml where the PR title ({{ github.event.pull_request.title }}) is directly embedded inside double-quoted bash strings in four steps across four jobs, passing it as a CLI argument to run_t...
CVE-2026-27701 LiveCodes vulnerable to JavaScript Injection via untrusted PR title in i18n-update-pull workflow
LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's i18n-update-pull GitHub Actions workflow is vulnerable to JavaScript injection. The title of the Pull Request associated with the triggering issue comment is interpolated...