GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
19 advisories
External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine
High
CVE-2026-34984
was published
for
github.com/external-secrets/external-secrets
(Go)
Apr 13, 2026
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
Moderate
CVE-2026-40923
was published
for
github.com/tektoncd/pipeline
(Go)
Apr 21, 2026
OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims
Moderate
CVE-2026-40574
was published
for
github.com/oauth2-proxy/oauth2-proxy/v7
(Go)
Apr 15, 2026
Cillium exposes sensitive information included in the cilium-bugtool debug archive
High
CVE-2026-41520
was published
for
github.com/cilium/cilium
(Go)
Apr 25, 2026
Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
High
CVE-2026-40938
was published
for
github.com/tektoncd/pipeline
(Go)
Apr 21, 2026
Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware
Moderate
CVE-2026-41263
was published
for
github.com/traefik/traefik
(Go)
Apr 24, 2026
Contour has Lua code injection via Cookie Path Rewrite Policy
High
CVE-2026-41246
was published
for
github.com/projectcontour/contour
(Go)
Apr 24, 2026
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
High
CVE-2026-40161
was published
for
github.com/tektoncd/pipeline
(Go)
Apr 21, 2026
SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering
High
CVE-2026-40107
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Apr 10, 2026
Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Low
CVE-2026-40077
was published
for
github.com/henrygd/beszel
(Go)
Apr 10, 2026
opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking
High
CVE-2026-39883
was published
for
go.opentelemetry.io/otel/sdk
(Go)
Apr 8, 2026
Cosign's verify-blob-attestation reports false positive when payload parsing fails
Moderate
CVE-2026-39395
was published
for
github.com/sigstore/cosign
(Go)
Apr 8, 2026
File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands
High
CVE-2026-35607
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Apr 8, 2026
File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check
Moderate
CVE-2026-35606
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Apr 8, 2026
File Browser share links remain accessible after Share/Download permissions are revoked
High
CVE-2026-35604
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Apr 8, 2026
File Browser has an access rule bypass via HasPrefix without trailing separator in path matching
Moderate
CVE-2026-35605
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Apr 8, 2026
Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags
High
GHSA-qmwh-9m9c-h36m
was published
for
github.com/gotenberg/gotenberg/v8
(Go)
Apr 7, 2026
Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization
Critical
CVE-2026-34976
was published
for
github.com/dgraph-io/dgraph
(Go)
Apr 2, 2026
Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri
High
GHSA-x3f4-v83f-7wp2
was published
for
github.com/authorizerdev/authorizer
(Go)
Apr 6, 2026
ProTip!
Advisories are also available from the
GraphQL API