📡 GitHub-Advisory · 2026-05-08 CVE-2026-44309 - gitsign verify accepts signatures over go-git-normalized bytes, enabling trust c CVE-2026-44309 GHSA-7rmh-48mx-2vwc MEDIUM go/github.com/sigstore/gitsign CVE: CVE-2026-44309 Summary gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44566 - Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal CVE-2026-44566 GHSA-9pgh-j74g-qj6m HIGH pip/open-webui CVE: CVE-2026-44566 **CONFIDENTIAL** KL-CAN-2024-002 Vulnerability Details #FieldValue 1**Discoverer**Jaggar Henry & Sean Segreti of KoreLogic, Inc. 2**Date Submitted**2024.03.12 3**Title**Open WebUI Arbitrary File Upload + Path

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44567 - Open WebUI has Improper Authorization Control CVE-2026-44567 GHSA-4vg5-rp28-gvjf HIGH pip/open-webui CVE: CVE-2026-44567 **CONFIDENTIAL** Vulnerability Disclosure Analysis Documentation Vulnerability Details #FieldValue 1**Discoverer**Taylor Pennington of KoreLogic, Inc. 2**Date Submitted**June 11, 2024 3**Title**Open WebUI Improper Authorization Control 5**Affected Vendor**Open WebUI

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44549 - Open WebUI has stored XSS in Excel file preview CVE-2026-44549 GHSA-jwf8-pv5p-vhmc HIGH pip/open-webui CVE: CVE-2026-44549 Summary Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44832 - Snipe-IT has Privilege Escalation via API Permissions Assignment CVE-2026-44832 GHSA-hq28-crg7-95pr HIGH composer/snipe/snipe-it CVE: CVE-2026-44832 Impact An authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1.

📡 GitHub-Advisory · 2026-05-08 GHSA-pmwq-pjrm-6p5r - in-toto-golang and in-toto-python have inconsistent negation behavior GHSA-pmwq-pjrm-6p5r MEDIUM go/github.com/in-toto/in-toto-golang CVE: Impact _What kind of vulnerability is it? Who is impacted?_ in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44831 - Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0) CVE-2026-44831 GHSA-r42m-953q-6vjx MEDIUM composer/snipe/snipe-it CVE: CVE-2026-44831 Impact Users with component view access could be impacted by an unescaped notes column. Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44298 - Kimai has an arbitrary file read in its invoice PDF renderer (admin) CVE-2026-44298 GHSA-h5fh-7hwr-97mw MEDIUM composer/kimai/kimai CVE: CVE-2026-44298 Summary Users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44568 - Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Applic CVE-2026-44568 GHSA-fq3v-xjjx-95rc MEDIUM pip/open-webui CVE: CVE-2026-44568 Vulnerability Details CWE-79: Cross-site Scripting (XSS) The AccountPending.svelte component renders the admin-configured "Pending User Overlay Content" using marked.parse() inside {@html} with an

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44214 - eventsource-encoder vulnerable to SSE event injection via unsanitized `event` an CVE-2026-44214 GHSA-m9g3-3g99-mhpx MEDIUM npm/eventsource-encoder CVE: CVE-2026-44214 Summary eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Events line terminators

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44213 - OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy CVE-2026-44213 GHSA-wfr5-454p-mjc2 MEDIUM nuget/OpenTelemetry.Exporter.Instana CVE: CVE-2026-44213 Summary The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44247 - Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body si CVE-2026-44247 GHSA-8wxp-xxp2-rcgx MEDIUM go/volcano.sh/volcano CVE: CVE-2026-44247 Impact The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44211 - Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability CVE-2026-44211 GHSA-5c57-rqjx-35g2 CRITICAL npm/cline CVE: CVE-2026-44211 Summary The kanban npm package (used by the cline CLI) starts a WebSocket server on 127.0.0.1:3484 with no Origin header validation. Any website a developer visits

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44209 - banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI CVE-2026-44209 GHSA-gphh-9q3h-jgpp HIGH pip/banks CVE: CVE-2026-44209 Summary banks <= 2.4.1 uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44728 - @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling CVE-2026-44728 GHSA-fv7c-fp4j-7gwp HIGH npm/@babel/plugin-transform-modules-systemjs CVE: CVE-2026-44728 Impact Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: * @babel/plugin-transform-modules-systemjs * @babel/

📡 GitHub-Advisory · 2026-05-08 CVE-2026-32689 - Phoenix: Long-poll NDJSON body splitting causes large memory allocation CVE-2026-32689 GHSA-628h-q48j-jr6q HIGH erlang/phoenix CVE: CVE-2026-32689 Summary An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a HTTP request. A handful of concurrent

📡 GitHub-Advisory · 2026-05-08 GHSA-qhh4-458h-xwh2 - @cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to GHSA-qhh4-458h-xwh2 MEDIUM npm/@cyclonedx/cdxgen CVE: Docker registry auth substring match forwards credentials to a different registry Repository cdxgen/cdxgen Affected product/package * Ecosystem: npm * Package: @cyclonedx/cdxgen * Reviewed tree version: 12.3.3 * Reviewed commit: