Browse Reproductions

55 verified reproductions

REPRO-2026-00076 published

MCP Server Git: Path Traversal via Missing Repository Path Validation

Security medium pip
mcp-server-git
11m 29s Jan 21, 2026
GHSA-j22h-9j4x-23w5 CVE-2025-68145
REPRO-2026-00072 published

Apache bRPC: Remote Command Injection in Heap Profiler

Security high cpp
brpc
47m 53s Jan 21, 2026
REPRO-2026-00070 published

wlc: Path traversal via unsanitized API slugs in download command

Security high pip
wlc
20m 59s Jan 17, 2026
GHSA-mmwx-79f6-67jg CVE-2026-23535
REPRO-2026-00067 published

Svelte XSS via textarea bind:value in SSR

Security high npm
svelte
8m 49s Jan 17, 2026
GHSA-gw32-9rmw-qwww
REPRO-2026-00066 published

Skipper Lua Filter Arbitrary Code Execution

Security high go
github.com/zalando/skipper
9m 5s Jan 17, 2026
GHSA-cc8m-98fm-rc9g
REPRO-2026-00065 published

node-tar Arbitrary File Overwrite via Hardlink Escape

Security high npm
tar
6m 8s Jan 17, 2026
GHSA-8qq5-rm4j-mr97
REPRO-2026-00064 published

node-tar Arbitrary File Overwrite via Hardlink Escape

Security high npm
tar
6m 8s Jan 17, 2026
GHSA-8qq5-rm4j-mr97
REPRO-2026-00063 published

deepdiff: Class Pollution RCE via Delta Tuple Path Bypass

Security critical pip
deepdiff
1m 7s Jan 13, 2026
GHSA-mw26-5g2v-hqw3 CVE-2025-58367
REPRO-2026-00062 published

langgraph-checkpoint: Constructor Deserialization RCE in JsonPlusSerializer

Security high pip
langgraph-checkpoint
1m 7s Jan 12, 2026
GHSA-wwqv-p2pp-99h5 CVE-2025-64439
REPRO-2026-00061 published

python-socketio: Pickle Deserialization RCE in PubSub Manager

Security medium pip
python-socketio
1m 5s Jan 12, 2026
GHSA-g8c6-8fjj-2r4m CVE-2025-61765
REPRO-2026-00054 published

Craft CMS: Unauthenticated Database Backup Trigger

Security medium composer
craftcms/cms
36m 45s Jan 8, 2026
GHSA-v64r-7wg9-23pr CVE-2025-68456
REPRO-2026-00052 published

ComfyUI-Manager: Configuration File Exposure via Web-Accessible Path

Security high pip
ComfyUI-Manager
11m 32s Jan 8, 2026
GHSA-2hc9-cc65-xwj8 CVE-2025-67303
REPRO-2026-00045 published

BentoML RCE via Insecure Deserialization

Security critical pip
bentoml
16m 37s Jan 7, 2026
GHSA-33xw-247w-6hmc CVE-2025-27520
REPRO-2026-00044 published

jsPDF Local File Inclusion/Path Traversal in Node.js builds

Security critical npm
jspdf
8m 13s Jan 7, 2026
GHSA-f8cm-6447-x5h2 CVE-2025-68428
REPRO-2026-00001 published

Setuptools Path Traversal via PackageIndex.download

Security high pip
setuptools
14m 9s Jan 7, 2026
GHSA-5rjg-fvgr-3xxf CVE-2025-47273