EUVD-2026-28849

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...

PT-2026-35057

Name of the Vulnerable Software and Affected Versions Skim affected versions not specified Description The generate-files job in the '.github/workflows/pr.yml' file checks out code from an attacker-controlled fork and executes it via the cargo run command. This process allows access to the SKIM R...

CVE-2023-30623

embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pullrequest.title parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...