Browse Reproductions

99 verified reproductions

REPRO-2026-00130 published

pymetasploit3 command injection

Security critical PyPI
DanMcInerney/pymetasploit3
36m 8s Apr 4, 2026
REPRO-2026-00129 published

Go MCP SDK DNS Rebinding - Server-Side Request Forgery on AI Infrastructure

Security high Go module
github.com/modelcontextprotocol/go-sdk
38m 55s Apr 4, 2026
REPRO-2026-00128 published

Haraka Mail Server DoS via __proto__ prototype pollution in email headers

Security high github
npm/Haraka
17m 5s Apr 4, 2026
REPRO-2026-00127 published

cpp-httplib HTTP Request Smuggling via Unconsumed GET Request Body

Security high github
yhirose/cpp-httplib
61m 29s Apr 4, 2026
REPRO-2026-00126 published

Cesanta Mongoose mDNS Stack Buffer Overflow - Remote Code Execution PoC

Security critical github
cesanta/mongoose
53m 53s Apr 2, 2026
REPRO-2026-00125 published

Grafana SQL Expressions RCE

Security critical github
grafana/grafana
59m 16s Apr 1, 2026
REPRO-2026-00124 published

Vim modeline handling for the tabpanel option allows sandbox escape via autocmd_add, enabling OS command execution when opening a crafted file.

Security high github
Vim
19m 38s Apr 1, 2026
GHSA-2GMJ-RPQF-PXVH CVE-2026-34714
REPRO-2026-00119 published

PyTorch: weights_only Unpickler RCE via SETITEM Type Confusion

Security high pip
torch
48m 8s Mar 2, 2026
GHSA-63cw-57p8-fm3p CVE-2026-24747
REPRO-2026-00118 published

CVE-2026-21518

Security medium
40m 34s Feb 21, 2026
REPRO-2026-00115 published

eBay MCP Server Environment Variable Injection via Crafted Prompts

Security critical npm
@anthropic-ai/ebay-mcp-server
11m 39s Feb 20, 2026
GHSA-97rm-xj73-33jh CVE-2026-27203
REPRO-2026-00114 published

D-Tale Remote Code Execution via Custom Filter Input

Security critical pip
dtale
11m 53s Feb 20, 2026
GHSA-c87c-78rc-vmv2 CVE-2026-27194
REPRO-2026-00113 published

Feathers OAuth Authorization Header Leak to Third-Party

Security high npm
@feathersjs/authentication-oauth
7m 45s Feb 20, 2026
GHSA-9m9c-vpv5-9g85 CVE-2026-27192
REPRO-2026-00112 published

Statamic CMS Stored XSS via Markdown Fieldtype

Security high composer
statamic/cms
7m 48s Feb 20, 2026
GHSA-8r7r-f4gm-wcpq CVE-2026-27197
REPRO-2026-00111 published

Formwork CMS Improper Privilege Management in User Creation

Security high composer
getformwork/formwork
12m 42s Feb 20, 2026
GHSA-34p4-7w83-35g2 CVE-2026-27198
REPRO-2026-00110 published

Deno Command Injection via Incomplete Metacharacter Blocklist

Security high rust
deno
10m 5s Feb 20, 2026
GHSA-hmh4-3xvx-q5hr CVE-2026-27190
REPRO-2026-00109 published

Feathers OAuth Open Redirect Account Takeover

Security high npm
@feathersjs/authentication-oauth
12m 54s Feb 20, 2026
GHSA-ppf9-4ffw-hh4p CVE-2026-27191
REPRO-2026-00108 published

Zumba JSON Serializer PHP Object Injection

Security high composer
zumba/json-serializer
11m 26s Feb 20, 2026
GHSA-v7m3-fpcr-h7m2 CVE-2026-27206
REPRO-2026-00107 published

Swiper Prototype Pollution

Security critical npm
swiper
10m 21s Feb 20, 2026
GHSA-hmx5-qpq5-p643 CVE-2026-27212
REPRO-2026-00106 published

Dagu Unauthenticated RCE via Inline DAG Spec

Security critical go
github.com/dagu-org/dagu
18m 38s Feb 20, 2026
GHSA-6qr9-g2xw-cw92
REPRO-2026-00105 published

Fabric.js: Stored XSS via SVG Export

Security high npm
fabric
16m 24s Feb 19, 2026
GHSA-hfvx-25r5-qc3w CVE-2026-27013