{"vulnerability": "CVE-2026-28291", "sightings": [{"uuid": "c5c61292-ba88-45e4-afc8-c9ced0c5c320", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28291", "type": "published-proof-of-concept", "source": "Telegram/61DYlWTca6IkcT_FpN2RYBtwr9MKXFEKysLP63-1xRoUERI", "content": "", "creation_timestamp": "2026-04-13T19:19:04.000000Z"}, {"uuid": "bd2858c4-7a6e-4e78-b520-dfde2de31f15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28291", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mjfi5dfcmd2w", "content": "", "creation_timestamp": "2026-04-13T18:19:40.050368Z"}, {"uuid": "0667539c-9447-4e41-8f9b-c860f97bda69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-28291", "type": "published-proof-of-concept", "source": "https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287", "content": "", "creation_timestamp": "2026-04-12T15:13:14.000000Z"}, {"uuid": "91476def-cf85-407e-9ae8-780dc70e3dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28291", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlrqatpoi22y", "content": "\ud83d\udccc CVE-2026-28291 - simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git ... https://www.cyberhub.blog/cves/CVE-2026-28291", "creation_timestamp": "2026-05-14T02:07:07.660477Z"}]}