4 matches found
CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml
FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...
PT-2026-26590
FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull request target which runs with access to repository secrets but checks out...
Malicious code in production_registry_client (npm)
The package productionregistryclient was found to contain malicious code...
MAL-2025-29711 Malicious code in production_registry_client (npm)
The package productionregistryclient was found to contain malicious code...