{ "name": "Stateward threat feed", "description": "Curated, mitigation-grade vulnerabilities and landmark attack techniques across Web3, supply chain, AppSec, secrets, OpSec, infra/cloud and AI - plus the live known-exploited (CISA KEV) and high-severity feed. Each entry explains how it happened and how to avoid it.", "source": "https://www.stateward.com/vulnerabilities", "feeds": { "rss": "https://www.stateward.com/feed.xml", "json": "https://www.stateward.com/threats.json" }, "license": "Free to use with attribution and a link back to https://stateward.com/vulnerabilities. Curated by Stateward (Yggdrasil Digital).", "generatedAt": "2026-06-18T10:50:47.136Z", "count": 476, "fields": { "id": "Advisory id (CVE/GHSA) or curated identifier", "aliases": "Other names / identifiers for the same issue", "severity": "critical | high | medium | low", "ecosystem": "Affected ecosystem / sector (bucket before \" · \")", "package": "Affected package, product or organization", "summary": "What happened and the low-level root cause", "mitigation": "Actionable, code-level steps to avoid it (when available)", "publishedAt": "Epoch milliseconds", "zeroDay": "Exploited in the wild", "ransomware": "Linked to ransomware", "cwe": "CWE identifiers", "references": "Primary source URLs", "category": "Topic: web3 | supply-chain | appsec | secrets | opsec | infra | ai | kev", "url": "Canonical page on stateward.com" }, "vulnerabilities": [ { "id": "GHSA-HHPQ-7WG4-36JM", "aliases": [ "CVE-2026-55590", "CVE-2026-55590" ], "severity": "medium", "ecosystem": "composer", "package": "cakephp/authentication", "summary": "CakePHP Authentication: Open redirect weakness via backslash bypass", "mitigation": null, "publishedAt": 1781722329000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-601" ], "references": [ "https://github.com/advisories/GHSA-hhpq-7wg4-36jm", "https://github.com/cakephp/authentication/security/advisories/GHSA-hhpq-7wg4-36jm", "https://github.com/advisories/GHSA-hhpq-7wg4-36jm" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-HHPQ-7WG4-36JM" }, { "id": "GHSA-8FQ9-273G-6MRG", "aliases": [ "CVE-2026-55518", "CVE-2026-55518" ], "severity": "critical", "ecosystem": "rubygems", "package": "avo", "summary": "Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation", "mitigation": null, "publishedAt": 1781722151000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-639", "CWE-862", "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-8fq9-273g-6mrg", "https://github.com/avo-hq/avo/security/advisories/GHSA-8fq9-273g-6mrg", "https://github.com/advisories/GHSA-8fq9-273g-6mrg" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-8FQ9-273G-6MRG" }, { "id": "GHSA-X2QC-CMH9-F4HF", "aliases": [ "CVE-2026-55517", "CVE-2026-55517" ], "severity": "medium", "ecosystem": "rust", "package": "deno", "summary": "Deno: Denial of service via non-ASCII bytes in WebSocket response headers", "mitigation": null, "publishedAt": 1781722098000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-248" ], "references": [ "https://github.com/advisories/GHSA-x2qc-cmh9-f4hf", "https://github.com/denoland/deno/security/advisories/GHSA-x2qc-cmh9-f4hf", "https://github.com/advisories/GHSA-x2qc-cmh9-f4hf" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-X2QC-CMH9-F4HF" }, { "id": "GHSA-2F55-G35J-5JMF", "aliases": [ "CVE-2026-55471", "CVE-2026-55471" ], "severity": "critical", "ecosystem": "maven", "package": "ca.uhn.hapi.fhir:org.hl7.fhir.utilities", "summary": "HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory", "mitigation": null, "publishedAt": 1781722071000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-611" ], "references": [ "https://github.com/advisories/GHSA-2f55-g35j-5jmf", "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-2f55-g35j-5jmf", "https://github.com/advisories/GHSA-2f55-g35j-5jmf" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-2F55-G35J-5JMF" }, { "id": "GHSA-FXJ4-P9XP-37V5", "aliases": [ "CVE-2026-55470", "CVE-2026-55470" ], "severity": "high", "ecosystem": "maven", "package": "ca.uhn.hapi.fhir:org.hl7.fhir.dstu2", "summary": "HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS", "mitigation": null, "publishedAt": 1781722043000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-1333" ], "references": [ "https://github.com/advisories/GHSA-fxj4-p9xp-37v5", "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fxj4-p9xp-37v5", "https://github.com/advisories/GHSA-fxj4-p9xp-37v5" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-FXJ4-P9XP-37V5" }, { "id": "GHSA-X223-P2GF-V735", "aliases": [ "CVE-2026-55450", "CVE-2026-55450" ], "severity": "critical", "ecosystem": "pip", "package": "langflow", "summary": "Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak", "mitigation": null, "publishedAt": 1781721792000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-200", "CWE-306", "CWE-400" ], "references": [ "https://github.com/advisories/GHSA-x223-p2gf-v735", "https://github.com/langflow-ai/langflow/security/advisories/GHSA-x223-p2gf-v735", "https://github.com/langflow-ai/langflow/pull/12831" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-X223-P2GF-V735" }, { "id": "GHSA-R4GV-QR8J-P3PG", "aliases": [ "CVE-2026-55760", "CVE-2026-55760" ], "severity": "high", "ecosystem": "maven", "package": "com.github.jknack:handlebars", "summary": "handlebars.java FileTemplateLoader Path Traversal", "mitigation": null, "publishedAt": 1781721729000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-22" ], "references": [ "https://github.com/advisories/GHSA-r4gv-qr8j-p3pg", "https://github.com/jknack/handlebars.java/security/advisories/GHSA-r4gv-qr8j-p3pg", "https://github.com/advisories/GHSA-r4gv-qr8j-p3pg" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-R4GV-QR8J-P3PG" }, { "id": "GHSA-M9CV-24RX-8MV7", "aliases": [ "CVE-2026-55409", "CVE-2026-55409" ], "severity": "high", "ecosystem": "composer", "package": "filament/forms", "summary": "Filament: Disabled RichEditor field state can be used for XSS", "mitigation": null, "publishedAt": 1781721672000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-79" ], "references": [ "https://github.com/advisories/GHSA-m9cv-24rx-8mv7", "https://github.com/filamentphp/filament/security/advisories/GHSA-m9cv-24rx-8mv7", "https://github.com/filamentphp/filament/pull/20029" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-M9CV-24RX-8MV7" }, { "id": "GHSA-2MFG-CC43-9PCJ", "aliases": [ "CVE-2026-55405", "CVE-2026-55405" ], "severity": "high", "ecosystem": "maven", "package": "dev.langchain4j:langchain4j-mariadb", "summary": "LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector", "mitigation": null, "publishedAt": 1781721596000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-89" ], "references": [ "https://github.com/advisories/GHSA-2mfg-cc43-9pcj", "https://github.com/langchain4j/langchain4j/security/advisories/GHSA-2mfg-cc43-9pcj", "https://github.com/advisories/GHSA-2mfg-cc43-9pcj" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-2MFG-CC43-9PCJ" }, { "id": "GHSA-GWXR-7H77-7777", "aliases": [ "CVE-2026-55636", "CVE-2026-55636" ], "severity": "medium", "ecosystem": "go", "package": "github.com/projectcapsule/capsule", "summary": "Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected", "mitigation": null, "publishedAt": 1781720052000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-gwxr-7h77-7777", "https://github.com/projectcapsule/capsule/security/advisories/GHSA-gwxr-7h77-7777", "https://github.com/advisories/GHSA-gwxr-7h77-7777" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-GWXR-7H77-7777" }, { "id": "GHSA-MX8G-39Q3-5C79", "aliases": [ "CVE-2026-9595", "CVE-2026-9595" ], "severity": "medium", "ecosystem": "npm", "package": "webpack-dev-server", "summary": "webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies", "mitigation": null, "publishedAt": 1781720011000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-346", "CWE-441" ], "references": [ "https://github.com/advisories/GHSA-mx8g-39q3-5c79", "https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-mx8g-39q3-5c79", "https://nvd.nist.gov/vuln/detail/CVE-2026-9595" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-MX8G-39Q3-5C79" }, { "id": "GHSA-72GW-MP4G-V24J", "aliases": [ "CVE-2026-5079", "CVE-2026-5079" ], "severity": "high", "ecosystem": "npm", "package": "multer", "summary": "Multer vulnerable to Denial of Service via deeply nested field names", "mitigation": null, "publishedAt": 1781719947000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-400" ], "references": [ "https://github.com/advisories/GHSA-72gw-mp4g-v24j", "https://github.com/expressjs/multer/security/advisories/GHSA-72gw-mp4g-v24j", "https://nvd.nist.gov/vuln/detail/CVE-2026-5079" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-72GW-MP4G-V24J" }, { "id": "GHSA-3P4H-7M6X-2HCM", "aliases": [ "CVE-2026-5038", "CVE-2026-5038" ], "severity": "medium", "ecosystem": "npm", "package": "multer", "summary": "Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads", "mitigation": null, "publishedAt": 1781719908000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-459" ], "references": [ "https://github.com/advisories/GHSA-3p4h-7m6x-2hcm", "https://github.com/expressjs/multer/security/advisories/GHSA-3p4h-7m6x-2hcm", "https://nvd.nist.gov/vuln/detail/CVE-2026-5038" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-3P4H-7M6X-2HCM" }, { "id": "GHSA-J5R2-4C8J-XC3M", "aliases": [ "CVE-2026-25779", "CVE-2026-25779" ], "severity": "medium", "ecosystem": "go", "package": "github.com/go-gitea/gitea", "summary": "Gitea: Open Redirect via redirect_to", "mitigation": null, "publishedAt": 1781719846000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-601" ], "references": [ "https://github.com/advisories/GHSA-j5r2-4c8j-xc3m", "https://github.com/go-gitea/gitea/security/advisories/GHSA-j5r2-4c8j-xc3m", "https://github.com/advisories/GHSA-j5r2-4c8j-xc3m" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-J5R2-4C8J-XC3M" }, { "id": "GHSA-9CPJ-QC93-VW8V", "aliases": [ "CVE-2026-28737", "CVE-2026-28737" ], "severity": "high", "ecosystem": "go", "package": "code.gitea.io/gitea", "summary": "Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer", "mitigation": null, "publishedAt": 1781719819000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-79" ], "references": [ "https://github.com/advisories/GHSA-9cpj-qc93-vw8v", "https://github.com/go-gitea/gitea/security/advisories/GHSA-9cpj-qc93-vw8v", "https://github.com/advisories/GHSA-9cpj-qc93-vw8v" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-9CPJ-QC93-VW8V" }, { "id": "GHSA-WRR5-99H5-GQ57", "aliases": [ "CVE-2026-24791", "CVE-2026-24791" ], "severity": "high", "ecosystem": "go", "package": "code.gitea.io/gitea", "summary": "Gitea: Public-only tokens bypass private-resource restrictions on `/api/v1/user` self routes", "mitigation": null, "publishedAt": 1781719781000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-wrr5-99h5-gq57", "https://github.com/go-gitea/gitea/security/advisories/GHSA-wrr5-99h5-gq57", "https://github.com/advisories/GHSA-wrr5-99h5-gq57" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-WRR5-99H5-GQ57" }, { "id": "GHSA-FHX7-M96W-MV29", "aliases": [ "CVE-2026-22555", "CVE-2026-22555" ], "severity": "high", "ecosystem": "go", "package": "code.gitea.io/gitea", "summary": "Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration", "mitigation": null, "publishedAt": 1781719680000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-fhx7-m96w-mv29", "https://github.com/go-gitea/gitea/security/advisories/GHSA-fhx7-m96w-mv29", "https://github.com/advisories/GHSA-fhx7-m96w-mv29" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-FHX7-M96W-MV29" }, { "id": "GHSA-QWXF-2M7M-2M3X", "aliases": [ "CVE-2026-54324", "CVE-2026-54324" ], "severity": "medium", "ecosystem": "go", "package": "github.com/daytonaio/daytona", "summary": "Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join", "mitigation": null, "publishedAt": 1781719650000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-639", "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-qwxf-2m7m-2m3x", "https://github.com/daytonaio/daytona/security/advisories/GHSA-qwxf-2m7m-2m3x", "https://github.com/advisories/GHSA-qwxf-2m7m-2m3x" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-QWXF-2M7M-2M3X" }, { "id": "GHSA-FG94-H982-F3MM", "aliases": [ "CVE-2026-54316", "CVE-2026-54316" ], "severity": "medium", "ecosystem": "npm", "package": "@anthropic-ai/claude-code", "summary": "Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch", "mitigation": null, "publishedAt": 1781719566000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-183", "CWE-200", "CWE-515" ], "references": [ "https://github.com/advisories/GHSA-fg94-h982-f3mm", "https://github.com/anthropics/claude-code/security/advisories/GHSA-fg94-h982-f3mm", "https://github.com/advisories/GHSA-fg94-h982-f3mm" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-FG94-H982-F3MM" }, { "id": "GHSA-8788-J68R-3CGH", "aliases": [ "CVE-2026-54022", "CVE-2026-54022" ], "severity": "medium", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Any authenticated user can read other users' private notes via Socket.IO", "mitigation": null, "publishedAt": 1781719521000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-706", "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-8788-j68r-3cgh", "https://github.com/open-webui/open-webui/security/advisories/GHSA-8788-j68r-3cgh", "https://github.com/advisories/GHSA-8788-j68r-3cgh" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-8788-J68R-3CGH" }, { "id": "GHSA-9RPJ-V7HF-VV2W", "aliases": [ "CVE-2026-54021", "CVE-2026-54021" ], "severity": "medium", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter", "mitigation": null, "publishedAt": 1781719310000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-9rpj-v7hf-vv2w", "https://github.com/open-webui/open-webui/security/advisories/GHSA-9rpj-v7hf-vv2w", "https://github.com/advisories/GHSA-9rpj-v7hf-vv2w" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-9RPJ-V7HF-VV2W" }, { "id": "GHSA-P5CP-R7RG-QPXC", "aliases": [ "CVE-2026-54019", "CVE-2026-54019" ], "severity": "medium", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode", "mitigation": null, "publishedAt": 1781719063000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-862", "CWE-943" ], "references": [ "https://github.com/advisories/GHSA-p5cp-r7rg-qpxc", "https://github.com/open-webui/open-webui/security/advisories/GHSA-p5cp-r7rg-qpxc", "https://github.com/advisories/GHSA-p5cp-r7rg-qpxc" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-P5CP-R7RG-QPXC" }, { "id": "GHSA-JRFP-M64G-PCWV", "aliases": [ "CVE-2026-54018", "CVE-2026-54018" ], "severity": "high", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects", "mitigation": null, "publishedAt": 1781718944000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-918" ], "references": [ "https://github.com/advisories/GHSA-jrfp-m64g-pcwv", "https://github.com/open-webui/open-webui/security/advisories/GHSA-jrfp-m64g-pcwv", "https://github.com/advisories/GHSA-jrfp-m64g-pcwv" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-JRFP-M64G-PCWV" }, { "id": "GHSA-R2WG-2MCR-66RV", "aliases": [ "CVE-2026-54017", "CVE-2026-54017" ], "severity": "high", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal", "mitigation": null, "publishedAt": 1781718928000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-22", "CWE-918" ], "references": [ "https://github.com/advisories/GHSA-r2wg-2mcr-66rv", "https://github.com/open-webui/open-webui/security/advisories/GHSA-r2wg-2mcr-66rv", "https://github.com/advisories/GHSA-r2wg-2mcr-66rv" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-R2WG-2MCR-66RV" }, { "id": "GHSA-RJXQ-QQHF-8HWH", "aliases": [ "CVE-2026-53840", "CVE-2026-53840" ], "severity": "high", "ecosystem": "npm", "package": "openclaw", "summary": "OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin", "mitigation": null, "publishedAt": 1781718906000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-200" ], "references": [ "https://github.com/advisories/GHSA-rjxq-qqhf-8hwh", "https://github.com/openclaw/openclaw/security/advisories/GHSA-rjxq-qqhf-8hwh", "https://nvd.nist.gov/vuln/detail/CVE-2026-53840" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-RJXQ-QQHF-8HWH" }, { "id": "GHSA-CX9V-4QJ2-JRW6", "aliases": [ "CVE-2026-54016", "CVE-2026-54016" ], "severity": "medium", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration", "mitigation": null, "publishedAt": 1781706676000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-862" ], "references": [ "https://github.com/advisories/GHSA-cx9v-4qj2-jrw6", "https://github.com/open-webui/open-webui/security/advisories/GHSA-cx9v-4qj2-jrw6", "https://github.com/advisories/GHSA-cx9v-4qj2-jrw6" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-CX9V-4QJ2-JRW6" }, { "id": "GHSA-4R4W-2WGP-W7CJ", "aliases": [ "CVE-2026-54015", "CVE-2026-54015" ], "severity": "medium", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion", "mitigation": null, "publishedAt": 1781705810000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-284", "CWE-639" ], "references": [ "https://github.com/advisories/GHSA-4r4w-2wgp-w7cj", "https://github.com/open-webui/open-webui/security/advisories/GHSA-4r4w-2wgp-w7cj", "https://github.com/advisories/GHSA-4r4w-2wgp-w7cj" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-4R4W-2WGP-W7CJ" }, { "id": "GHSA-J2C8-V969-8R5C", "aliases": [ "CVE-2026-54014", "CVE-2026-54014" ], "severity": "medium", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}", "mitigation": null, "publishedAt": 1781705785000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-22" ], "references": [ "https://github.com/advisories/GHSA-j2c8-v969-8r5c", "https://github.com/open-webui/open-webui/security/advisories/GHSA-j2c8-v969-8r5c", "https://github.com/advisories/GHSA-j2c8-v969-8r5c" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-J2C8-V969-8R5C" }, { "id": "GHSA-V2QM-5WXJ-QHJ7", "aliases": [ "CVE-2026-54013", "CVE-2026-54013" ], "severity": "high", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Stored XSS to Account Takeover via Model Profile Images ", "mitigation": null, "publishedAt": 1781705752000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-79", "CWE-116", "CWE-693" ], "references": [ "https://github.com/advisories/GHSA-v2qm-5wxj-qhj7", "https://github.com/open-webui/open-webui/security/advisories/GHSA-v2qm-5wxj-qhj7", "https://github.com/advisories/GHSA-v2qm-5wxj-qhj7" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-V2QM-5WXJ-QHJ7" }, { "id": "GHSA-VJQM-6GCC-62CR", "aliases": [ "CVE-2026-54012", "CVE-2026-54012" ], "severity": "high", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion", "mitigation": null, "publishedAt": 1781705733000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-284", "CWE-285", "CWE-862" ], "references": [ "https://github.com/advisories/GHSA-vjqm-6gcc-62cr", "https://github.com/open-webui/open-webui/security/advisories/GHSA-vjqm-6gcc-62cr", "https://github.com/advisories/GHSA-vjqm-6gcc-62cr" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-VJQM-6GCC-62CR" }, { "id": "GHSA-V8QJ-HXV7-MGVV", "aliases": [ "CVE-2026-54011", "CVE-2026-54011" ], "severity": "high", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Stored XSS in Mermaid Markdown Preview", "mitigation": null, "publishedAt": 1781705645000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-79" ], "references": [ "https://github.com/advisories/GHSA-v8qj-hxv7-mgvv", "https://github.com/open-webui/open-webui/security/advisories/GHSA-v8qj-hxv7-mgvv", "https://github.com/advisories/GHSA-v8qj-hxv7-mgvv" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-V8QJ-HXV7-MGVV" }, { "id": "GHSA-VRHC-3FR6-PC3C", "aliases": [ "CVE-2026-54010", "CVE-2026-54010" ], "severity": "high", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Forged chat-file link allows cross-user file read and deletion", "mitigation": null, "publishedAt": 1781705540000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-284", "CWE-639", "CWE-862" ], "references": [ "https://github.com/advisories/GHSA-vrhc-3fr6-pc3c", "https://github.com/open-webui/open-webui/security/advisories/GHSA-vrhc-3fr6-pc3c", "https://github.com/open-webui/open-webui/pull/24755" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-VRHC-3FR6-PC3C" }, { "id": "GHSA-WCH8-MHJ5-9FRG", "aliases": [ "CVE-2026-54009", "CVE-2026-54009" ], "severity": "medium", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field", "mitigation": null, "publishedAt": 1781705504000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-639" ], "references": [ "https://github.com/advisories/GHSA-wch8-mhj5-9frg", "https://github.com/open-webui/open-webui/security/advisories/GHSA-wch8-mhj5-9frg", "https://github.com/advisories/GHSA-wch8-mhj5-9frg" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-WCH8-MHJ5-9FRG" }, { "id": "GHSA-226F-F24G-524W", "aliases": [ "CVE-2026-54008", "CVE-2026-54008" ], "severity": "high", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)", "mitigation": null, "publishedAt": 1781705456000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-918" ], "references": [ "https://github.com/advisories/GHSA-226f-f24g-524w", "https://github.com/open-webui/open-webui/security/advisories/GHSA-226f-f24g-524w", "https://github.com/advisories/GHSA-226f-f24g-524w" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-226F-F24G-524W" }, { "id": "GHSA-3VV5-8XXP-4F55", "aliases": [ "CVE-2026-54007", "CVE-2026-54007" ], "severity": "high", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI: Cross-origin postMessage confirmation bypass via action:submit", "mitigation": null, "publishedAt": 1781705435000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-346" ], "references": [ "https://github.com/advisories/GHSA-3vv5-8xxp-4f55", "https://github.com/open-webui/open-webui/security/advisories/GHSA-3vv5-8xxp-4f55", "https://github.com/advisories/GHSA-3vv5-8xxp-4f55" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-3VV5-8XXP-4F55" }, { "id": "GHSA-F3G7-59QC-PQG6", "aliases": [ "CVE-2026-54006", "CVE-2026-54006" ], "severity": "medium", "ecosystem": "pip", "package": "open-webui", "summary": "Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar", "mitigation": null, "publishedAt": 1781705393000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-639" ], "references": [ "https://github.com/advisories/GHSA-f3g7-59qc-pqg6", "https://github.com/open-webui/open-webui/security/advisories/GHSA-f3g7-59qc-pqg6", "https://github.com/advisories/GHSA-f3g7-59qc-pqg6" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-F3G7-59QC-PQG6" }, { "id": "GHSA-HMCR-RMJQ-47QR", "aliases": [ "CVE-2026-53931", "CVE-2026-53931" ], "severity": "medium", "ecosystem": "npm", "package": "nocodb", "summary": "NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint", "mitigation": null, "publishedAt": 1781705306000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-441", "CWE-918" ], "references": [ "https://github.com/advisories/GHSA-hmcr-rmjq-47qr", "https://github.com/nocodb/nocodb/security/advisories/GHSA-hmcr-rmjq-47qr", "https://github.com/advisories/GHSA-hmcr-rmjq-47qr" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-HMCR-RMJQ-47QR" }, { "id": "GHSA-H6VV-PCQ8-7XM4", "aliases": [ "CVE-2026-53930", "CVE-2026-53930" ], "severity": "medium", "ecosystem": "npm", "package": "nocodb", "summary": "NocoDB: Server-Side Request Forgery via Base Migration URL", "mitigation": null, "publishedAt": 1781705284000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-918" ], "references": [ "https://github.com/advisories/GHSA-h6vv-pcq8-7xm4", "https://github.com/nocodb/nocodb/security/advisories/GHSA-h6vv-pcq8-7xm4", "https://github.com/advisories/GHSA-h6vv-pcq8-7xm4" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-H6VV-PCQ8-7XM4" }, { "id": "GHSA-6MHR-74X2-98V9", "aliases": [ "CVE-2026-53929", "CVE-2026-53929" ], "severity": "medium", "ecosystem": "npm", "package": "nocodb", "summary": "NocoDB: Stored Cross-Site Scripting via Secure Attachment", "mitigation": null, "publishedAt": 1781705272000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-79" ], "references": [ "https://github.com/advisories/GHSA-6mhr-74x2-98v9", "https://github.com/nocodb/nocodb/security/advisories/GHSA-6mhr-74x2-98v9", "https://github.com/advisories/GHSA-6mhr-74x2-98v9" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-6MHR-74X2-98V9" }, { "id": "GHSA-R989-7G3J-WJHW", "aliases": [ "CVE-2026-53928", "CVE-2026-53928" ], "severity": "medium", "ecosystem": "npm", "package": "nocodb", "summary": "NocoDB: Refresh Tokens Persist Through Password Recovery", "mitigation": null, "publishedAt": 1781705253000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-613" ], "references": [ "https://github.com/advisories/GHSA-r989-7g3j-wjhw", "https://github.com/nocodb/nocodb/security/advisories/GHSA-r989-7g3j-wjhw", "https://github.com/advisories/GHSA-r989-7g3j-wjhw" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-R989-7G3J-WJHW" }, { "id": "GHSA-GPRH-27J3-G5H4", "aliases": [ "CVE-2026-53927", "CVE-2026-53927" ], "severity": "medium", "ecosystem": "npm", "package": "nocodb", "summary": "NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL", "mitigation": null, "publishedAt": 1781705203000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-918" ], "references": [ "https://github.com/advisories/GHSA-gprh-27j3-g5h4", "https://github.com/nocodb/nocodb/security/advisories/GHSA-gprh-27j3-g5h4", "https://github.com/advisories/GHSA-gprh-27j3-g5h4" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-GPRH-27J3-G5H4" }, { "id": "GHSA-6PR9-RP53-2PMC", "aliases": [ "CVE-2026-54233", "CVE-2026-54233" ], "severity": "medium", "ecosystem": "pip", "package": "vllm", "summary": "vLLM: OOM Denial of Service via Audio Decompression Bomb", "mitigation": null, "publishedAt": 1781705182000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-409" ], "references": [ "https://github.com/advisories/GHSA-6pr9-rp53-2pmc", "https://github.com/vllm-project/vllm/security/advisories/GHSA-6pr9-rp53-2pmc", "https://github.com/vllm-project/vllm/pull/44970" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-6PR9-RP53-2PMC" }, { "id": "GHSA-HGG8-FQQC-VFMW", "aliases": [ "CVE-2026-54236", "CVE-2026-54236" ], "severity": "medium", "ecosystem": "pip", "package": "vllm", "summary": "vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router", "mitigation": null, "publishedAt": 1781705049000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-532" ], "references": [ "https://github.com/advisories/GHSA-hgg8-fqqc-vfmw", "https://github.com/vllm-project/vllm/security/advisories/GHSA-hgg8-fqqc-vfmw", "https://github.com/vllm-project/vllm/pull/45119" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-HGG8-FQQC-VFMW" }, { "id": "GHSA-5JV2-G5WQ-CMR4", "aliases": [ "CVE-2026-53923", "CVE-2026-53923" ], "severity": "medium", "ecosystem": "pip", "package": "vllm", "summary": "vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving", "mitigation": null, "publishedAt": 1781704991000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-200", "CWE-681" ], "references": [ "https://github.com/advisories/GHSA-5jv2-g5wq-cmr4", "https://github.com/vllm-project/vllm/security/advisories/GHSA-5jv2-g5wq-cmr4", "https://github.com/vllm-project/vllm/pull/44971" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-5JV2-G5WQ-CMR4" }, { "id": "GHSA-8JR5-V98P-W75M", "aliases": [], "severity": "medium", "ecosystem": "pip", "package": "vllm", "summary": "vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations", "mitigation": null, "publishedAt": 1781704962000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-436" ], "references": [ "https://github.com/advisories/GHSA-8jr5-v98p-w75m", "https://github.com/vllm-project/vllm/security/advisories/GHSA-8jr5-v98p-w75m", "https://github.com/vllm-project/vllm/pull/44974" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-8JR5-V98P-W75M" }, { "id": "GHSA-7H4P-RFFG-7823", "aliases": [ "CVE-2026-54235", "CVE-2026-54235" ], "severity": "medium", "ecosystem": "pip", "package": "vllm", "summary": "vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels", "mitigation": null, "publishedAt": 1781704942000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-1287" ], "references": [ "https://github.com/advisories/GHSA-7h4p-rffg-7823", "https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823", "https://github.com/vllm-project/vllm/pull/45116" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-7H4P-RFFG-7823" }, { "id": "GHSA-3G6V-2R68-PRFC", "aliases": [ "CVE-2026-54761", "CVE-2026-54761" ], "severity": "medium", "ecosystem": "go", "package": "github.com/traefik/traefik/v3", "summary": "Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services", "mitigation": null, "publishedAt": 1781704908000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-284", "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-3g6v-2r68-prfc", "https://github.com/traefik/traefik/security/advisories/GHSA-3g6v-2r68-prfc", "https://github.com/traefik/traefik/releases/tag/v3.6.21" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-3G6V-2R68-PRFC" }, { "id": "GHSA-3PVJ-JV98-QHJQ", "aliases": [ "CVE-2026-53765", "CVE-2026-53765" ], "severity": "medium", "ecosystem": "npm", "package": "chrome-devtools-mcp", "summary": "Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory", "mitigation": null, "publishedAt": 1781704864000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-59" ], "references": [ "https://github.com/advisories/GHSA-3pvj-jv98-qhjq", "https://github.com/ChromeDevTools/chrome-devtools-mcp/security/advisories/GHSA-3pvj-jv98-qhjq", "https://github.com/advisories/GHSA-3pvj-jv98-qhjq" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-3PVJ-JV98-QHJQ" }, { "id": "GHSA-664H-GPGQ-H6XX", "aliases": [], "severity": "medium", "ecosystem": "npm", "package": "n8n", "summary": "n8n: Wrong OAuth Scope on Evaluation Test Runs Endpoints", "mitigation": null, "publishedAt": 1781704559000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-664h-gpgq-h6xx", "https://github.com/n8n-io/n8n/security/advisories/GHSA-664h-gpgq-h6xx", "https://github.com/advisories/GHSA-664h-gpgq-h6xx" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-664H-GPGQ-H6XX" }, { "id": "GHSA-MQXH-6GQ7-558M", "aliases": [ "CVE-2026-54325", "CVE-2026-54325" ], "severity": "medium", "ecosystem": "npm", "package": "@earendil-works/pi-coding-agent", "summary": "Pi Agent: Pi loads project-local extensions without approval", "mitigation": null, "publishedAt": 1781704544000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-829" ], "references": [ "https://github.com/advisories/GHSA-mqxh-6gq7-558m", "https://github.com/earendil-works/pi/security/advisories/GHSA-mqxh-6gq7-558m", "https://github.com/earendil-works/pi/commit/38f18be44727e669eb0a6e2eb8edb51b0232d83c" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-MQXH-6GQ7-558M" }, { "id": "GHSA-JFGX-WXX8-MP94", "aliases": [ "CVE-2026-54328", "CVE-2026-54328" ], "severity": "high", "ecosystem": "npm", "package": "@earendil-works/pi-coding-agent", "summary": "Pi Agent: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts", "mitigation": null, "publishedAt": 1781704513000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-379" ], "references": [ "https://github.com/advisories/GHSA-jfgx-wxx8-mp94", "https://github.com/earendil-works/pi/security/advisories/GHSA-jfgx-wxx8-mp94", "https://github.com/earendil-works/pi/pull/5345" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-JFGX-WXX8-MP94" }, { "id": "GHSA-R95R-RJ6R-C39X", "aliases": [ "CVE-2026-54327", "CVE-2026-54327" ], "severity": "low", "ecosystem": "npm", "package": "@mariozechner/pi-coding-agent", "summary": "Pi Agent: Race condition in Pi auth.json writes could expose stored credentials", "mitigation": null, "publishedAt": 1781704477000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-367", "CWE-732" ], "references": [ "https://github.com/advisories/GHSA-r95r-rj6r-c39x", "https://github.com/earendil-works/pi/security/advisories/GHSA-r95r-rj6r-c39x", "https://github.com/earendil-works/pi/commit/135fb545f99106a4a249274f129b90bc0a77d347" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-R95R-RJ6R-C39X" }, { "id": "GHSA-CRMM-HGP2-WGRP", "aliases": [], "severity": "medium", "ecosystem": "composer", "package": "laravel/framework", "summary": "Laravel Framework: Temporary Signed URL Path Confusion", "mitigation": null, "publishedAt": 1781704453000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-116" ], "references": [ "https://github.com/advisories/GHSA-crmm-hgp2-wgrp", "https://github.com/laravel/framework/security/advisories/GHSA-crmm-hgp2-wgrp", "https://github.com/laravel/framework/pull/60137" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-CRMM-HGP2-WGRP" }, { "id": "GHSA-5VG9-5847-VVMQ", "aliases": [], "severity": "high", "ecosystem": "composer", "package": "laravel/framework", "summary": "Laravel Framework: CRLF injection in default email rule ", "mitigation": null, "publishedAt": 1781704424000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-93" ], "references": [ "https://github.com/advisories/GHSA-5vg9-5847-vvmq", "https://github.com/laravel/framework/security/advisories/GHSA-5vg9-5847-vvmq", "https://github.com/advisories/GHSA-5vg9-5847-vvmq" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-5VG9-5847-VVMQ" }, { "id": "GHSA-7V5M-PR3Q-6453", "aliases": [ "CVE-2026-54326", "CVE-2026-54326" ], "severity": "low", "ecosystem": "npm", "package": "@mariozechner/pi-coding-agent", "summary": "Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass", "mitigation": null, "publishedAt": 1781653395000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-79" ], "references": [ "https://github.com/advisories/GHSA-7v5m-pr3q-6453", "https://github.com/earendil-works/pi/security/advisories/GHSA-7v5m-pr3q-6453", "https://github.com/earendil-works/pi/commit/6cb23f9b5d5b6d1747672f535b167d0d809ac010" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-7V5M-PR3Q-6453" }, { "id": "GHSA-CR4G-F395-H25H", "aliases": [ "CVE-2026-20706", "CVE-2026-20706" ], "severity": "medium", "ecosystem": "go", "package": "code.gitea.io/gitea", "summary": "Gitea: Token scope bypass on web archive download endpoint", "mitigation": null, "publishedAt": 1781653324000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-cr4g-f395-h25h", "https://github.com/go-gitea/gitea/security/advisories/GHSA-cr4g-f395-h25h", "https://github.com/advisories/GHSA-cr4g-f395-h25h" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-CR4G-F395-H25H" }, { "id": "GHSA-3FWP-P5RJ-2PXF", "aliases": [ "CVE-2026-27783", "CVE-2026-27783" ], "severity": "medium", "ecosystem": "go", "package": "code.gitea.io/gitea", "summary": "Gitea: Missing repository-unit authorization on issue-template API endpoints", "mitigation": null, "publishedAt": 1781653302000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-862" ], "references": [ "https://github.com/advisories/GHSA-3fwp-p5rj-2pxf", "https://github.com/go-gitea/gitea/security/advisories/GHSA-3fwp-p5rj-2pxf", "https://github.com/advisories/GHSA-3fwp-p5rj-2pxf" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-3FWP-P5RJ-2PXF" }, { "id": "GHSA-8629-VC8R-5P58", "aliases": [ "CVE-2026-25714", "CVE-2026-25714" ], "severity": "medium", "ecosystem": "go", "package": "code.gitea.io/gitea", "summary": "Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw", "mitigation": null, "publishedAt": 1781653291000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-862" ], "references": [ "https://github.com/advisories/GHSA-8629-vc8r-5p58", "https://github.com/go-gitea/gitea/security/advisories/GHSA-8629-vc8r-5p58", "https://github.com/advisories/GHSA-8629-vc8r-5p58" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-8629-VC8R-5P58" }, { "id": "GHSA-MM7C-RHG6-QR4R", "aliases": [ "CVE-2026-26231", "CVE-2026-26231" ], "severity": "high", "ecosystem": "go", "package": "code.gitea.io/gitea", "summary": "Gitea: Authorization Bypass via \"Allow edits from maintainers\" allows unauthorized commits to any readable repo", "mitigation": null, "publishedAt": 1781653261000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-mm7c-rhg6-qr4r", "https://github.com/go-gitea/gitea/security/advisories/GHSA-mm7c-rhg6-qr4r", "https://github.com/advisories/GHSA-mm7c-rhg6-qr4r" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-MM7C-RHG6-QR4R" }, { "id": "GHSA-9R5X-WG6M-X2RC", "aliases": [ "CVE-2026-28699", "CVE-2026-28699" ], "severity": "high", "ecosystem": "go", "package": "code.gitea.io/gitea", "summary": "Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication", "mitigation": null, "publishedAt": 1781653234000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-284", "CWE-863" ], "references": [ "https://github.com/advisories/GHSA-9r5x-wg6m-x2rc", "https://github.com/go-gitea/gitea/security/advisories/GHSA-9r5x-wg6m-x2rc", "https://github.com/advisories/GHSA-9r5x-wg6m-x2rc" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-9R5X-WG6M-X2RC" }, { "id": "GHSA-PM6V-2H4W-4RP2", "aliases": [ "CVE-2026-52797", "CVE-2026-52797" ], "severity": "high", "ecosystem": "go", "package": "gogs.io/gogs", "summary": "Gogs: Overwriting critical files results in a denial of service", "mitigation": null, "publishedAt": 1781653204000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-22" ], "references": [ "https://github.com/advisories/GHSA-pm6v-2h4w-4rp2", "https://github.com/gogs/gogs/security/advisories/GHSA-pm6v-2h4w-4rp2", "https://github.com/advisories/GHSA-pm6v-2h4w-4rp2" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-PM6V-2H4W-4RP2" }, { "id": "GHSA-QW24-GH76-8RVV", "aliases": [ "CVE-2026-49980", "CVE-2026-49980" ], "severity": "critical", "ecosystem": "go", "package": "github.com/rclone/rclone", "summary": "Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix", "mitigation": null, "publishedAt": 1781653181000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-306" ], "references": [ "https://github.com/advisories/GHSA-qw24-gh76-8rvv", "https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv", "https://github.com/advisories/GHSA-qw24-gh76-8rvv" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-QW24-GH76-8RVV" }, { "id": "GHSA-X6QJ-4H56-5RJ5", "aliases": [ "CVE-2026-49993", "CVE-2026-49993" ], "severity": "medium", "ecosystem": "npm", "package": "@nuxt/webpack-builder", "summary": "@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)", "mitigation": null, "publishedAt": 1781653156000, "zeroDay": false, "ransomware": false, "cwe": [ "CWE-749" ], "references": [ "https://github.com/advisories/GHSA-x6qj-4h56-5rj5", "https://github.com/nuxt/nuxt/security/advisories/GHSA-6m52-m754-pw2g", "https://github.com/nuxt/nuxt/security/advisories/GHSA-x6qj-4h56-5rj5" ], "category": "supply-chain", "url": "https://www.stateward.com/vulnerabilities/GHSA-X6QJ-4H56-5RJ5" }, { "id": "GHSA-M3Q2-P4FW-W38M", "aliases": [], "severity": "low", "ecosystem": "npm", "package": "nuxt", "summary": "Cross-site scripting via