Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-14340 |
|
Authorization Flaw in github (CVE-2026-14340)
vulnerability in github (CVE-2026-14340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10585 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-10585)
cross-site scripting in c (CVE-2026-10585). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9132 |
|
Vulnerability in github (CVE-2026-9132)
vulnerability in github (CVE-2026-9132). Confidential information can be exposed externally.
|
| CVE-2026-9106 |
|
Vulnerability in github (CVE-2026-9106)
vulnerability in github (CVE-2026-9106). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48501 |
|
Authorization Flaw in github.com/cli/cli/v2 (CVE-2026-48501)
vulnerability in github.com/cli/cli/v2 (CVE-2026-48501). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `2.93.0` or later.
|
| CVE-2026-9312 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9312)
SSRF in ssrf (CVE-2026-9312). Confidential information can be exposed externally.
|
| CVE-2026-8606 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-8606)
SSRF in ssrf (CVE-2026-8606). Confidential information can be exposed externally.
|
| CVE-2026-45803 |
|
Vulnerability in github.com/cli/cli/v2 (CVE-2026-45803)
vulnerability in github.com/cli/cli/v2 (CVE-2026-45803). Risk of unauthorized operations or information disclosure. Exploitable via ``screen``. Mitigation: upgrade to `2.92.0` or later.
|
| CVE-2026-45033 |
|
Vulnerability in @github/copilot (CVE-2026-45033)
vulnerability in @github/copilot (CVE-2026-45033). Successful exploitation can lead to full system takeover. Exploitable via ``core.fsmonitor``. Mitigation: upgrade to `1.0.43` or later.
|
| CVE-2026-44313 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
|
| CVE-2026-41507 |
|
Code Injection in remote (CVE-2026-41507)
code injection in remote (CVE-2026-41507). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8034 |
|
Vulnerability in ssrf (CVE-2026-8034)
vulnerability in ssrf (CVE-2026-8034). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8106 |
|
Cross-Site Scripting (XSS) in github (CVE-2026-8106)
cross-site scripting in github (CVE-2026-8106). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6736 |
|
Vulnerability in github (CVE-2026-6736)
vulnerability in github (CVE-2026-6736). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7541 |
|
Vulnerability in dos (CVE-2026-7541)
vulnerability in dos (CVE-2026-7541). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29783 |
|
OS Command Injection in github (CVE-2026-29783)
OS command injection in github (CVE-2026-29783). Successful exploitation can lead to full system takeover.
|