52 Total CVEs
29 AI Analyzed
1 CISA KEV
21 Critical
All Vendors
Showing 1-52 of 52 CVEs
CVE-2026-7679
Analyzed
7.3
GitHub yudao-cloud

A security flaw has been discovered in YunaiV yudao-cloud up to 2026

2026-05-04
CVE-2026-50086
Analyzed
10
GitHub IAM/SSO gateway

The Aqara IAM/SSO gateway contains a critical flaw that exposes cryptographic signing keys, allowing unauthenticated attackers to perform unauthorized...

2026-06-13
CVE-2026-4800
8.1
GitHub Multiple Products

Impact: The fix for CVE-2021-23337 (https://github

2026-04-01
CVE-2026-4645
7.5
GitHub Multiple Products

A flaw was found in the `github

2026-03-24
CVE-2026-45556
Analyzed
9.9
GitHub Roxy-WI

Roxy-WI contains an authenticated arbitrary file write vulnerability in its WAF rule saving functionality, allowing for Remote Code Execution on manag...

2026-06-11
CVE-2026-45482
Analyzed
8.4
GitHub Copilot / Visual Studio Code

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information...

2026-06-20
CVE-2026-45321
KEV Analyzed
9.6
GitHub Actions OIDC

GitHub Actions OIDC was exploited to publish malicious npm packages by chaining multiple vulnerabilities, including cache poisoning and token extracti...

2026-05-12
CVE-2026-45132
Analyzed
10
GitHub Open Source Helm Charts

A GitHub Actions workflow in CloudPirates Helm Charts exposes Personal Access Tokens and SSH signing keys to untrusted code.

2026-06-02
CVE-2026-45131
Analyzed
10
GitHub Open Source Helm Charts

A GitHub Actions workflow in CloudPirates Helm Charts executes attacker-controlled code from forks, exposing repository secrets.

2026-06-02
CVE-2026-44971
Analyzed
8.2
GitHub credentials with

GuardDog is a CLI tool to identify malicious PyPI packages

2026-05-29
CVE-2026-42603
8.8
GitHub Multiple Products

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more

2026-05-12
CVE-2026-42298
Analyzed
10
GitHub Postiz

A "Pwn Request" vulnerability in Postiz allows unauthenticated users to execute arbitrary code via malicious pull requests, leading to credential exfi...

2026-05-09
CVE-2026-41500
Analyzed
9.8
GitHub Electerm

A command injection vulnerability in Electerm allows attackers to execute arbitrary code by supplying a malicious release name.

2026-05-08
CVE-2026-41431
8
GitHub release pipeline

Zen is a firefox-based browser

2026-05-12
CVE-2026-41414
7.4
GitHub user can

Skim is a fuzzy finder designed to through files, lines, and commands

2026-04-25
CVE-2026-41311
7.5
GitHub Pages compatible

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript

2026-05-10
CVE-2026-41109
8.8
GitHub Copilot and

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unaut...

2026-05-13
CVE-2026-41053
Analyzed
8.8
GitHub Rancher

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access t...

2026-07-01
CVE-2026-40903
Analyzed
9.1
GitHub goshs

The goshs SimpleHTTPServer is affected by an ArtiPACKED vulnerability that can lead to the unauthorized leakage of GITHUB_TOKEN credentials via workfl...

2026-04-22
CVE-2026-40890
7.5
GitHub Multiple Products

The package `github

2026-04-22
CVE-2026-40316
8.8
GitHub Multiple Products

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more

2026-04-16
CVE-2026-35580
Analyzed
9.1
GitHub Actions workflow

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-contro...

2026-04-08
CVE-2026-34243
Analyzed
9.8
GitHub Actions workflow

The wenxian GitHub Actions workflow is vulnerable to command injection via untrusted user input in issue comments, allowing arbitrary code execution o...

2026-04-01
CVE-2026-34042
8.2
GitHub actions

act is a project which allows for local running of github actions

2026-03-31
CVE-2026-33475
Analyzed
9.1
GitHub Actions workflows

Unauthenticated remote shell injection in Langflow's GitHub Actions workflows allows attackers to execute arbitrary commands and exfiltrate CI secrets...

2026-03-25
CVE-2026-31945
Analyzed
7.7
GitHub Multiple Products

LibreChat is a ChatGPT clone with additional features

2026-03-28
CVE-2026-30920
8.6
GitHub App callback

OneUptime is a solution for monitoring and managing online services

2026-03-11
CVE-2026-29872
8.2
GitHub MCP Agent

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-0...

2026-03-31
CVE-2026-26323
8.8
GitHub login from

OpenClaw is a personal AI assistant

2026-02-21
CVE-2026-26187
Analyzed
8.1
GitHub lakeFS

lakeFS is an open-source tool that transforms object storage into a Git-like repositories

2026-02-14
CVE-2026-25761
8.8
GitHub Action or

Super-linter is a combination of multiple linters to run as a GitHub Action or standalone

2026-02-10
CVE-2026-23654
8.8
GitHub Repo

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network

2026-03-11
CVE-2026-21523
8
GitHub Copilot and

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network

2026-02-11
CVE-2026-21516
8.8
GitHub Copilot allows

Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code...

2026-02-11
CVE-2026-21257
8
GitHub Copilot and

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker...

2026-02-11
CVE-2026-21256
8.8
GitHub Copilot and

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacke...

2026-02-11
CVE-2026-1699
Analyzed
10
GitHub Multiple Products

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out...

2026-01-31
CVE-2026-10649
Analyzed
8.6
GitHub Pacemaker

A flaw was found in Pacemaker

2026-06-17
CVE-2026-0756
Analyzed
9.8
GitHub Multiple Products

github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitr...

2026-01-23
CVE-2025-66401
Analyzed
9.8
GitHub Multiple Products

MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical...

2025-12-02
CVE-2025-66389
Analyzed
7.5
GitHub Copilot

GitHub Copilot 1

2026-06-23
CVE-2025-65637
7.5
GitHub Multiple Products

A denial-of-service vulnerability exists in github

2025-12-06
CVE-2025-60021
Analyzed
9.8
GitHub Multiple Products

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to i...

2026-01-17
CVE-2025-59157
Analyzed
9.9
GitHub Multiple Products

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Reposit...

2026-01-06
CVE-2025-56005
Analyzed
9.8
GitHub Multiple Products

An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the...

2026-01-21
CVE-2025-55322
7.3
GitHub Multiple Products

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network

2025-09-24
CVE-2025-54594
Analyzed
9.1
GitHub Multiple Products

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml Git...

2025-08-07
CVE-2025-54416
9.1
GitHub Multiple Products

tj-actions/branch-names is a Github actions repository that contains workflows to retrieve branch or tag names with support for all events. In version...

2025-07-28
CVE-2025-53773
7.8
GitHub Multiple Products

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacke...

2025-08-13
CVE-2025-53624
Analyzed
10
GitHub Multiple Products

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists ver...

2025-07-10
CVE-2025-53546
Analyzed
9.1
GitHub Multiple Products

Folo organizes feeds content into one timeline. Using pull_request_target on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by att...

2025-07-10
CVE-2019-25718
Analyzed
8.4
GitHub Infinity Explorer C700

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying...

2026-06-04