Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,627
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,848
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

3,627 advisories

Loading
OpenFGA has Improper Policy Enforcement Moderate
CVE-2026-41131 was published for github.com/openfga/openfga (Go) Apr 22, 2026
bugbunny-research Credited to bugbunny-research
DDEV has ZipSlip path traversal in tar and zip archive extraction Moderate
CVE-2026-32885 was published for github.com/ddev/ddev (Go) Apr 22, 2026
SnailSploit Credited to SnailSploit
Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode Moderate
CVE-2026-25996 was published for github.com/inspektor-gadget/inspektor-gadget (Go) Apr 22, 2026
suidpit Credited to suidpit, ndaprela, eiffel-fl, and flyth ndaprela ndaprela
eiffel-fl eiffel-fl flyth flyth
Inspektor Gadget: Command Injection via malicious buildOptions manipulation Moderate
CVE-2026-24905 was published for github.com/inspektor-gadget/inspektor-gadget (Go) Apr 22, 2026
ndaprela Credited to ndaprela, suidpit, eiffel-fl, and burak-ok suidpit suidpit
eiffel-fl eiffel-fl burak-ok burak-ok
Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API High
CVE-2026-41422 was published for github.com/daptin/daptin (Go) Apr 22, 2026
VashuVats Credited to VashuVats
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution Critical
CVE-2026-41179 was published for github.com/rclone/rclone (Go) Apr 22, 2026
0wnerDied Credited to 0wnerDied and ncw ncw ncw
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution Critical
CVE-2026-41176 was published for github.com/rclone/rclone (Go) Apr 22, 2026
0wnerDied Credited to 0wnerDied and ncw ncw ncw
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access Critical
CVE-2026-41070 was published for github.com/jkroepke/openvpn-auth-oauth2 (Go) Apr 22, 2026
kkalev Credited to kkalev
Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE High
CVE-2026-40938 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
offset Credited to offset, vdemeester, and kodareef5 vdemeester vdemeester
kodareef5 kodareef5
Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion Moderate
CVE-2026-40924 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
offset Credited to offset and vdemeester vdemeester vdemeester
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check Moderate
CVE-2026-40923 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
kodareef5 Credited to kodareef5, vdemeester, and aThorp96 vdemeester vdemeester
aThorp96 aThorp96
free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation Moderate
CVE-2026-40343 was published for github.com/free5gc/udr (Go) Apr 21, 2026
Giancannella Credited to Giancannella
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL High
CVE-2026-40161 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
kodareef5 Credited to kodareef5 and vdemeester vdemeester vdemeester
OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation Low
CVE-2026-40264 was published for github.com/openbao/openbao (Go) Apr 21, 2026
Zwique Credited to Zwique
OpenBao's SQL Injection in PostgreSQL database secrets engine Moderate
CVE-2026-39946 was published for github.com/openbao/openbao (Go) Apr 21, 2026
jmecom Credited to jmecom
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) Low
CVE-2026-39396 was published for github.com/openbao/openbao (Go) Apr 21, 2026
n1rwhex Credited to n1rwhex
OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate Low
CVE-2026-39388 was published for github.com/openbao/openbao (Go) Apr 21, 2026
jmecom Credited to jmecom
Neko has a Self-service Privilege Escalation for Authenticated Users High
CVE-2026-39386 was published for github.com/m1k1o/neko/server (Go) Apr 21, 2026
blitzkrieg-patch Credited to blitzkrieg-patch
Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching Moderate
CVE-2026-25542 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
1seal Credited to 1seal, offset, and vdemeester offset offset
vdemeester vdemeester
Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints High
CVE-2026-34403 was published for github.com/0xJacky/Nginx-UI (Go) Apr 21, 2026
Nginx-UI: Disabled users retain full API access through previously issued bearer tokens High
CVE-2026-33031 was published for github.com/0xJacky/Nginx-UI (Go) Apr 21, 2026
jaehonam Credited to jaehonam
Memos has an Incorrect Privilege Assignment issue Low
CVE-2026-6634 was published for github.com/usememos/memos (Go) Apr 20, 2026
Wish has SCP Path Traversal that allows arbitrary file read/write Critical
CVE-2026-41589 was published for charm.land/wish/v2 (Go) Apr 18, 2026
evnsh Credited to evnsh, andreynering, and aymanbagabas andreynering andreynering
aymanbagabas aymanbagabas
Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields Moderate
CVE-2026-6437 was published for github.com/kubernetes-sigs/aws-efs-csi-driver (Go) Apr 18, 2026
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass Critical
CVE-2026-41574 was published for github.com/nhost/nhost (Go) Apr 18, 2026
skoveit Credited to skoveit
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database