CVE-2026-44590: RCE via pull_request_target Injection > Supply Chain Compromise in Sherlock
Sherlock is one of those tools anyone who does OSINT has used at least once. You give it a username and it checks whether that identity exists across 400+ social networks and registration platforms. It is straightforward, fast, written in Python, and has a huge community: at the time of writing the official repository sits at around 83,000 stars on GitHub with hundreds of contributors. To give an idea of the potential blast radius in case of compromise, I collected some public metrics at the time of writing: ...