Achievements
Security advisories, CVEs, and responsible disclosure credits.
Security Advisories & CVEs
MISP — SQL Injection via Unvalidated Ordering Parameters
SQL injection in event and shadow attribute listings
GCVE-1-2026-0031
MISP — Improper Access Control in Auth Key Reset
Privilege escalation to site administrator
GCVE-1-2026-0030
LookyLoo — PlaywrightCapture Local File Access
Permits access to local files and internal network resources during page capture
GCVE-1-2026-0028
bestpractical/RT — Privilege Escalation via REST 2.0
Privilege escalation and information disclosure via user collection endpoint
CVE-2026-44231
Metabase — Security Advisory
Credited for responsible disclosure
GHSA-58qx-j9c7-4rq7
AIL Framework — Stored XSS in Modal Item Preview
Stored XSS in modal item preview for long item content
GCVE-1-2026-0023
AIL Framework — Stored XSS (CVE-2026-39416)
Stored XSS in modal item preview for long item content
CVE-2026-39416
OpenProject.org — Cross-Project Meeting Agenda Injection
Meeting agenda item injection via unscoped section lookup
CVE-2026-40896
PostgreSQL — pg_restore_attribute_stats Array Overflow
Accepts values that cause query planning to read past end of stats array
CVE-2026-6575
MISP — Stored XSS in Link-Type Attributes
XSS via link-type attributes in MISP events
MISP v2.5.36