Security Vulnerability articles

3/6/2026 • EN

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager

A detailed analysis of a prompt injection attack against Cline's GitHub repo, leading to cache poisoning and a compromised NPM release.

Cache Poisoning ci/cd Github Actions prompt injection Security Vulnerability

Simon Willison

3/6/2026 • EN

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager

A detailed analysis of a prompt injection attack against Cline's GitHub repo, exploiting AI issue triage to poison caches and compromise production releases.

Cache Poisoning Github Actions prompt injection Security Vulnerability Workflow Secrets

Simon Willison

1/14/2026 • EN

Claude Cowork Exfiltrates Files

Security researchers found a vulnerability in Claude Cowork allowing data exfiltration via the Anthropic API, bypassing default HTTP restrictions.

Anthropic API API Security Data Exfiltration prompt injection Security Vulnerability

Simon Willison

12/19/2025 • EN

Introducing RSC Explorer

Introduces RSC Explorer, an open-source tool for visualizing and understanding the React Server Components protocol and its streaming behavior.

Debugging Tool react server components Rsc Protocol Security Vulnerability serialization

Dan Abramov

11/6/2025 • EN

Open redirect endpoint in Datasette prior to 0.65.2 and 1.0a21

Security advisory for Datasette open redirect vulnerability fixed in versions 0.65.2 and 1.0a21, including additional features.

Datasette Github Advisory Open Redirect Python Security Vulnerability

Simon Willison

10/28/2025 • EN

Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315

Analysis of CVE-2025-55315, a critical HTTP request smuggling vulnerability in ASP.NET Core with a CVSS 9.9 score, its impact, and mitigation.

Aspnet Core Cve 2025 55315 HTTP Request Smuggling Security Vulnerability web security

Andrew Lock

9/9/2025 • EN

Bug in Auditing allows for undetected Data Exfiltration by low privileged user

A security researcher details a SQL Server auditing bug that allows low-privilege users to exfiltrate sensitive data without detection.

Auditing Data Classification Data Exfiltration Security Vulnerability SQL Server

Andreas Wolter

1/26/2025 • EN

Responsible disclosure: improper access control in Gitlab private project.

A security researcher details a GitLab access control vulnerability, its disclosure timeline, and the communication issues with GitLab's security team.

Access Control Gitlab Private Projects Responsible Disclosure Security Vulnerability

Riccardo Padovani

1/26/2025 • EN

Responsible disclosure: retrieving a user's private Facebook friends.

A security researcher details a privacy flaw allowing retrieval of private Facebook friends via Instagram's signup process, and the responsible disclosure timeline.

Data Privacy Facebook API Instagram API Responsible Disclosure Security Vulnerability

Riccardo Padovani

4/27/2023 • EN

Disclosing a local file inclusion vulnerability in xmlhttprequest library

Discloses a Local File Inclusion vulnerability in the xmlhttprequest npm package, allowing arbitrary file reads due to insecure default permissions.

JavaScript Local File Inclusion Node.js NPM Package Security Vulnerability

Liran Tal

4/16/2023 • EN

Disclosing uncontrolled resource consumption in xmlhttprequest library

Discloses a CWE-400 uncontrolled resource consumption vulnerability in the xmlhttprequest npm package due to missing timeout controls.

Node.js NPM Package Resource Consumption Security Vulnerability Xmlhttprequest

Liran Tal

1/20/2020 • EN

Serious security vulnerability in GunDB (and new ones)

A security researcher details a critical path traversal vulnerability in GunDB that allowed reading server files and stealing AWS credentials.

AWS Credentials Gunj Node.js Path Traversal Security Vulnerability

Joonas Bergius

12/6/2018 • EN

Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)

Analysis of CVE-2018-1002105, a critical Kubernetes API server vulnerability allowing privilege escalation and arbitrary backend requests.

api server authentication Cve 2018 1002105 Kubernetes Security Vulnerability

Marco Lancini

9/18/2017 • EN

Surviving Apache Struts CVE-2017-5638

Analyzes the Apache Struts CVE-2017-5638 vulnerability, using the Equifax breach as a case study to explore architectural resilience against RCE attacks.

Apache Struts aws cybersecurity Remote Code Execution Security Vulnerability

Alex Gaynor

1/16/2014 • EN

SQL Server Row- and Cell-Level Security – Disclosure vulnerability

Explores a disclosure vulnerability in SQL Server's Row- and Cell-Level Security when implemented with views, demonstrating how protected data can be exposed.

Cell Level Security Database Security Row Level Security Security Vulnerability SQL Server

Andreas Wolter

Security Vulnerability Articles

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager

Claude Cowork Exfiltrates Files

Introducing RSC Explorer

Open redirect endpoint in Datasette prior to 0.65.2 and 1.0a21

Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315

Bug in Auditing allows for undetected Data Exfiltration by low privileged user

Responsible disclosure: improper access control in Gitlab private project.

Responsible disclosure: retrieving a user's private Facebook friends.

Disclosing a local file inclusion vulnerability in xmlhttprequest library

Disclosing uncontrolled resource consumption in xmlhttprequest library

Serious security vulnerability in GunDB (and new ones)

Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)

Surviving Apache Struts CVE-2017-5638

SQL Server Row- and Cell-Level Security – Disclosure vulnerability

Select Language

We use cookies