GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,627 advisories
go-git: Credential leak via cross-host redirect in smart HTTP transport
Moderate
CVE-2026-41506
was published
for
github.com/go-git/go-git/v5
(Go)
Apr 17, 2026
OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
High
CVE-2026-41433
was published
for
go.opentelemetry.io/obi
(Go)
Apr 17, 2026
Dapr: Service Invocation path traversal ACL bypass
High
CVE-2026-41491
was published
for
github.com/dapr/dapr
(Go)
Apr 17, 2026
Istio: SSRF via RequestAuthentication jwksUri
Moderate
CVE-2026-41413
was published
for
istio.io/istio
(Go)
Apr 16, 2026
Kyverno apiCall automatically forwards ServiceAccount token to external endpoints (credential leak)
High
GHSA-8wfp-579w-6r25
was published
for
github.com/kyverno/kyverno
(Go)
Apr 16, 2026
Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
High
CVE-2026-41323
was published
for
github.com/kyverno/kyverno
(Go)
Apr 16, 2026
Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
High
CVE-2026-41068
was published
for
github.com/kyverno/kyverno
(Go)
Apr 16, 2026
ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider
High
CVE-2026-40611
was published
for
github.com/go-acme/lego
(Go)
Apr 16, 2026
zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
Moderate
CVE-2026-40304
was published
for
github.com/openziti/zrok
(Go)
Apr 16, 2026
zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
Moderate
CVE-2026-40302
was published
for
github.com/openziti/zrok
(Go)
Apr 16, 2026
Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints
Critical
CVE-2026-40173
was published
for
github.com/dgraph-io/dgraph
(Go)
Apr 16, 2026
Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots
Moderate
CVE-2026-39350
was published
for
istio.io/istio
(Go)
Apr 16, 2026
ProTip!
Advisories are also available from the
GraphQL API