Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/06/16 5:37 p.m.9 views

n8n: Git Node Clone and Push Operations Bypass File Sandbox

Impact An authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8NRESTRICTFILEACCESSTO file sandbox. This allowed the...

7.7CVSS5.3AI score0.00495EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:37 p.m.10 views

n8n: Python sandbox escape

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. Patches The issue has bee...

8.5CVSS6.2AI score0.00356EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:36 p.m.82 views

vLLM: OpenAI auth bypass

Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLMAPIKEY or...

9.1CVSS5.5AI score0.01014EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:36 p.m.15 views

Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read

Summary The "Shareable Playground" or "Public Flows" in code contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of the flow is allowed. The execution request can contain a list of files that gets read b...

6.1CVSS5.9AI score0.00249EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:35 p.m.21 views

Langflow: Unauthenticated RCE in Shareable Playgrounds

Summary The "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe Details Shareable Playground feature works by enabling the...

9.6CVSS6AI score0.00688EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:35 p.m.8 views

Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint

Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw...

6.5CVSS5.5AI score0.00313EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:34 p.m.58 views

vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

Summary An assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode python -O or PYTHONOPTIMIZE=1. Details vLLM uses ...

8.1CVSS7.7AI score0.0252EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:34 p.m.8 views

Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints

Summary Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without verifying that the authenticated requester owns the targeted resource. Any authenticated...

8.8CVSS5.7AI score0.00291EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 3:33 p.m.5 views

Galaxy NG: command injection vulnerability

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS6.6AI score0.00889EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 3:3 p.m.11 views

phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access

Summary When an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access AIA extension and connects to it. Attacker who supplies certificate fully controls host, port, and path of that connectio...

5.8CVSS5.7AI score0.00133EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 3:3 p.m.28 views

LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

Summary Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or t...

5.5CVSS5.4AI score0.00157EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/16 2:57 p.m.7 views

Astro: XSS via Unescaped Attribute Names in Spread Props

Summary The spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props on an HTML element and the object...

6.1CVSS5.8AI score0.0016EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:38 p.m.10 views

Astro: Host header SSRF in prerendered error page fetch

Summary Astro SSR apps with prerendered error pages /404 or /500 using export const prerender = true fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming Host header. When the Host header i...

7.5CVSS5.6AI score0.00196EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:37 p.m.8 views

@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

Summary @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as .example.com is converted to an optional subdomain regex, so the apex host matches....

5.3CVSS5.5AI score0.00187EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:34 p.m.20 views

Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

Summary nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname decodes the %xx sequences a classic decode-after-check / TOCTOU-style flaw, allowing ...

7.5CVSS5.5AI score0.00378EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:33 p.m.29 views

Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability

Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Formats.Tar. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability exists in the...

6.2CVSS5.6AI score0.00388EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2026/06/16 2:32 p.m.13 views

hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Summary The Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is delivered fully buffered and the adapter builds the request with the client-declared...

6.5CVSS5.4AI score0.00103EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:32 p.m.33 views

hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

4.8CVSS5.4AI score0.00114EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:15 p.m.25 views

hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard

Summary With credentials: true and no explicit origin the default wildcard, the CORS Middleware reflects the request's Origin and sends Access-Control-Allow-Credentials: true. Any site can then make credentialed cross-origin requests and read the responses, exposing cookie-authenticated endpoints...

7.1CVSS5.4AI score0.00248EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:9 p.m.18 views

hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)

Summary On Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as admin\secret.txt into a nested file under the root and serves it, letting an attacker read static file...

5.9CVSS5.2AI score0.00292EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:8 p.m.14 views

hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

5.3CVSS5.3AI score0.00186EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:7 p.m.22 views

Bleach clean() / Cleaner() fails to sanitize dangerous URI schemes in allowed formaction attributes

Summary Bleach clean / Cleaner fails to sanitize dangerous URI schemes in allowed formaction attributes. Bleach applies URI protocol sanitization only to attributes listed in attrvalisuri. While URI-bearing attributes such as action, href, src, and poster are included in that set, formaction is...

5.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:7 p.m.24 views

Bleach linkify(parse_email=True) CPU exhaustion via unbounded email regex scanning

Summary Bleach 6.3.0 exposes a documented email-linkification path through bleach.linkify..., parseemail=True. The implementation scans attacker-controlled text with EMAILRE.finditer over the full character token and has no length, timeout, or linear prefilter before applying the dot-atom email...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:6 p.m.38 views

Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output

Impact A possible XSS bypass affects users calling bleach.clean with all of: a in the allowed tags href in allowed attributes The bleach.clean sanitizer outputs URIs containing disallowed scheme patterns that it should be stripping. However, because the inserted Unicode characters make the scheme...

5.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.35 views

pypdf: Possible infinite loop when processing outlines/bookmarks in writer

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...

6.9CVSS5.3AI score0.00123EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.21 views

pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...

6.9CVSS5.2AI score0.00123EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.40 views

Astro: Reflected XSS via unescaped slot name

Summary When a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This is similar...

7.1CVSS5.4AI score0.00177EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:49 p.m.10 views

Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL

Summary did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a query parameter, a CMS field, a user-supplied profile URL to or :href, the attacker can...

5.4CVSS4.9AI score0.00198EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:49 p.m.18 views

Nuxt dev server vite-node IPC socket is world-connectable on Linux

Impact When running nuxt dev on Linux Node.js 20+, outside Docker / StackBlitz, Nuxt's internal vite-node IPC server binds to a Linux abstract-namespace Unix socket \0nuxt-vite-node--.sock. Abstract sockets have no filesystem inode and therefore no permission bits: any local UID on the host that...

5.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:48 p.m.9 views

Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher

Impact Nuxt looks up routeRules for the current navigation by calling getRouteRules path: to.path from the page-router plugin and the no-pages router plugin. The compiled routeRules matcher built on rou3 performs case-sensitive matching, while vue-router is configured with its default sensitive:...

8.8CVSS5.3AI score0.00294EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:47 p.m.9 views

Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

Summary Three weaknesses in Nuxt's client-navigation URL handling, all reachable from documented public APIs navigateTo and reloadNuxtApp: 1. SSR open redirect in navigateTo via path-normalisation bypass. navigateTo decided whether a target was external by inspecting the raw input with...

6.1CVSS5.6AI score0.00205EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:47 p.m.8 views

pypdf: Possible large memory usage for form XObjects during text extraction

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. Patches This has been fixed in pypdf==6.12.2. Workarounds If you cannot upgrade yet, consider applying...

6.9CVSS5.2AI score0.00123EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:46 p.m.7 views

pypdf: Inefficient decoding of FlateDecode PNG predictor streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. Patches This has been fixed in pypdf==6.12.2. Workarounds If you cannot upgrade yet, consider applying the changes...

5.1CVSS5.2AI score0.00117EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:45 p.m.9 views

pypdf: Manipulated XMP metadata streams can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. Patches This has been fixed in pypdf==6.12.1. Workarounds If you cannot upgrade yet, consider applying the change...

6.9CVSS5.2AI score0.0013EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 9:30 p.m.8 views

Remotion: arbitrary file write vulnerability

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability...

9.1CVSS6AI score0.00324EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 9:30 p.m.6 views

Remotion: remote code execution (RCE) vulnerability

remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...

9.8CVSS6.5AI score0.0081EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:56 p.m.23 views

Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`

Summary When running nuxt dev, Nuxt registers an unauthenticated route at /.well-known/appspecific/com.chrome.devtools.json that returns the absolute filesystem path of the project root and a per-project UUID persisted to nodemodules/.cache/nuxt/chrome-workspace.json. The route is enabled by...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:47 p.m.18 views

aws-cdk-lib: OS Command Injection in NodejsFunction Bundling

Summary AWS CDK aws-cdk-lib is an open-source framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow a threat actor who...

7.3CVSS6.3AI score0.00936EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:46 p.m.10 views

Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Summary Netty HTTP/2 max header size handling produces attack similar to HTTP/2 Rapid Reset. Details There is a setting in the http2 specification called SETTINGSMAXHEADERLISTSIZE. According to the RFC: “This advisory setting informs a peer of the maximum field section size that the sender is...

6.9CVSS5.3AI score0.00302EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:46 p.m.9 views

Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:46 p.m.14 views

Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length

Summary RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken from the wire before the corresponding child messages exist. A small malicious header can claim a huge initial capacity. Details The...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:45 p.m.13 views

Netty: Wrapping plain trust manager silently disables hostname verification

SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrustedchain, authType, SSLEngine by discarding the SSLEngine and calling the 2-a...

7.5CVSS5.2AI score0.00269EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:44 p.m.14 views

Netty: QUIC stateless reset token material exposed through header-visible connection IDs

Summary Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers...

4.8CVSS5.4AI score0.00204EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:43 p.m.13 views

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:41 p.m.10 views

markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations

Summary A quadratic time complexity vulnerability exists in markdown-it's smartquotes rule enabled via the typographer: true option. An attacker can craft a markdown input consisting of consecutive quotation marks that causes the parser to consume excessive CPU time, leading to denial of service...

5.3CVSS5.4AI score0.00306EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:39 p.m.13 views

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Summary request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an...

7.5CVSS5.5AI score0.00275EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:38 p.m.9 views

OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation

Overview W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound inject path, not on the inbound...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:38 p.m.13 views

Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Summary In affected versions, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example @google.com moves the authority boundary...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:37 p.m.16 views

Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse

CurlAsyncHTTPClient leaks per-request credentials on handle reuse Summary CurlAsyncHTTPClient pools and reuses pycurl handles across requests but does not reset them between requests, and several per-request options are applied with no clearing branch. As a result, sensitive state set by one...

5.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:36 p.m.9 views

Nest: Middleware Bypass on Fastify via Trailing Slash

Impact An authentication bypass vulnerability exists in @nestjs/platform-fastify confirmed on version 11.1.24, the latest available release at time of report. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes API on the Fastify adapter, an unauthenticated client can bypa...

8.7CVSS5.3AI score0.00285EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities33225