
Exploitarium: A Consolidated Archive of Public Vulnerability Research and PoCs
Exploitarium is a consolidated open-disclosure archive of vulnerability research and exploit PoCs designed for educational purposes and community reporting.
Covers policies, practices, and debates around how software vulnerabilities are disclosed, including coordinated disclosure, embargoes, and responsible reporting norms.

Exploitarium is a consolidated open-disclosure archive of vulnerability research and exploit PoCs designed for educational purposes and community reporting.
A flaw in VSCode's keyboard event handling allows malicious repositories to steal GitHub tokens on github.dev by automatically installing rogue extensions.
GitHub is investigating unauthorized access to its internal repositories but reports no current impact on customer data.

Ramp's Sheets AI was vulnerable to a prompt injection attack that allowed malicious formulas to exfiltrate private financial data without user approval.
OpenClaw version 2026.3.28 fixes a critical authorization flaw that allowed users to escalate their privileges to admin via the device pairing process.

A security researcher has publicly disclosed critical jailbreak and data exfiltration vulnerabilities in Anthropic's Claude models following the company's failure to respond to private reports.
A massive influx of valid security reports is ending the era of secret embargoes and forcing a shift toward continuous software maintenance.