110597 matches found
GHSA-FHVH-VW7H-9XF3
creationtimestamp | type | source
---|---|---
2026-05-19 17:10:50+00:00 | seen | https://gist.github.com/alon710/c234ec86be1c4c5715ed61d6d656e517...
CVE-2026-31378
creationtimestamp | type | source
---|---|---
2026-05-19 17:02:23+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mm7umdaopw25...
CVE-2026-5516
creationtimestamp | type | source
---|---|---
2026-05-19 16:55:11+00:00 | seen | https://bsky.app/profile/knaepp.bsky.social/post/3mm7u7cccay2h...
CVE-2026-47323
creationtimestamp | type | source
---|---|---
2026-05-19 16:51:21+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mm7tylplja2s
2026-05-27 07:19:43+00:00 | seen | https://bsky.app/profile/cyberowi.pl/post/3mmsxqwetty2s
2026-06-01 11:03:09+00:00 | seen | ...
CVE-2026-8969
creationtimestamp | type | source
---|---|---
2026-05-19 16:46:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mm7tqno6pn2p
2026-05-19 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260520
2026-05-20 02:00:49+00:00 | seen | ...
CVE-2026-42543
creationtimestamp | type | source
---|---|---
2026-05-19 16:45:19+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mm7tns7soc2m
2026-06-04 23:36:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnis4h4ht72f...
CVE-2026-8970
creationtimestamp | type | source
---|---|---
2026-05-19 16:41:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mm7thpa6i32i
2026-05-19 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260520
2026-05-20 02:01:27+00:00 | seen | ...
GHSA-JGGG-4JG4-V7C6
creationtimestamp | type | source
---|---|---
2026-05-19 16:40:49+00:00 | seen | https://gist.github.com/alon710/4e72f2de4fd57f71c04d127b90b84200...
CVE-2026-45740
creationtimestamp | type | source
---|---|---
2026-05-19 16:40:49+00:00 | seen | https://gist.github.com/alon710/4e72f2de4fd57f71c04d127b90b84200...
@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @aayshian/n8n-aisensy-ay19 (=0.0.1) +95 more potentially affected by unknown CVE via n8n-core (>=2.0.0-rc.0 <=2.1.4)
n8n-core NPM version =2.0.0-rc.0, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.3.6, =0.1.0, =1.0.0, =0.1.4, =0.1.0, =0.1.13 and more
Source cves: unknown CVE
Source advisory: SNYK:JS-N8NCORE-16874152...
grafana: Grafana: Information disclosure of data-source passwords via public dashboards
A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
MAL-2026-4171 Malicious code in @mc-xp/mc-monolith-js-src-package (npm)
Source: ossf-package-analysis 13fafa7ca25af537c9383868398521cf50a086c1055e9451e4a2208de0083923
The OpenSSF Package Analysis project identified '@mc-xp/mc-monolith-js-src-package' @ 99.9.1 npm as malicious. It is considered malicious becaus...
Directory Traversal
Overview: n8n-nodes-base provides the base nodes of n8n. Affected versions of this package are vulnerable to Directory Traversal via the ExecuteWorkflow node's localFile source option. An attacker can enumerate arbitrary files on the server host and in some instances can achieve arbitrary code execution by...
GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Summary: This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address (e.g. nuxt dev --host) and the developer opens a malicious site on the same network.
Details: The fix for...
@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +22 more potentially affected by CVE-2026-45669 via nuxt (>=4.0.0-rc.0 <=4.4.4)
nuxt NPM version =4.0.0-rc.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.3, =10.0.2, =1.1.11, =1.0.4, =0.4.5, =0.0.0, =0.0.1, =1.0.0, =1.1.0, =2.0.1 and more
Source cves: CVE-2026-45669
Source advisory: OSV:GHSA-FX6J-W5W5-H468...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal due to improper path validation in the repository checkout process. An attacker can modify files outside the intended target directory, including .git directories, by supplying a maliciously crafted repository payloa...
Security Bulletin: IBM Controller is affected by vulnerabilities
Summary: There are vulnerabilities in Open-Source Software (OSS) components used by IBM Controller. Additionally, IBM Controller is vulnerable to cross-site scripting (XSS) and server-side request forgery (SSRF) vulnerabilities. Please refer to the table in the Related Information section for...
CVE-2026-47696
creationtimestamp | type | source
---|---|---
2026-05-19 15:01:00+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-9392-pj54-qqf8
2026-05-29 17:35:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmz35lsz4e23
2026-06-04 19:40:55+00:00 | seen | ...
Cross-site Scripting (XSS)
Overview: @haxtheweb/video-player is an automated conversion of video-player/. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper sanitization of elements that allow javascript: URIs in the src attribute. An attacker can execute arbitrary JavaScript in the...