GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,606 advisories
External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine
Severity: High. CVE-2026-34984 was published for github.com/external-secrets/external-secrets (Go) on Apr 13, 2026.
Wish has SCP Path Traversal that allows arbitrary file read/write
Severity: Critical. CVE-2026-41589 was published for charm.land/wish/v2 (Go) on Apr 18, 2026.
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass
Severity: Critical. CVE-2026-41574 was published for github.com/nhost/nhost (Go) on Apr 18, 2026.
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
Severity: Moderate. CVE-2026-40923 was published for github.com/tektoncd/pipeline (Go) on Apr 21, 2026.
goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
Severity: High. CVE-2026-40885 was published for github.com/patrickhener/goshs/v2 (Go) on Apr 14, 2026.
SFTP root escape via prefix-based path validation in goshs
Severity: High. CVE-2026-40876 was published for github.com/patrickhener/goshs (Go) on Apr 14, 2026.
go-git: Credential leak via cross-host redirect in smart HTTP transport
Severity: Moderate. CVE-2026-41506 was published for github.com/go-git/go-git/v5 (Go) on Apr 17, 2026.
goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation
Severity: Moderate. CVE-2026-40883 was published for github.com/patrickhener/goshs/v2 (Go) on Apr 14, 2026.
Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints
Severity: Critical. CVE-2026-40173 was published for github.com/dgraph-io/dgraph (Go) on Apr 16, 2026.
Juju has a resource poisoning vulnerability
Severity: High. CVE-2025-68153 was published for github.com/juju/juju (Go) on Apr 3, 2026.
Juju: Read All Controller Logs From Compromised Workload
Severity: Moderate. CVE-2025-68152 was published for github.com/juju/juju (Go) on Apr 3, 2026.
Grafana Loki Path Traversal - CVE-2021-36156 Bypass
Severity: Moderate. CVE-2026-21726 was published for github.com/grafana/loki/v3 (Go) on Apr 15, 2026.
Pyroscope Exposes Storage Secret
Severity: Critical. CVE-2025-41118 was published for github.com/grafana/pyroscope (Go) on Apr 15, 2026.
OpenBao's SQL Injection in PostgreSQL database secrets engine
Severity: Moderate. CVE-2026-39946 was published for github.com/openbao/openbao (Go) on Apr 21, 2026.
OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate
Severity: Low. CVE-2026-39388 was published for github.com/openbao/openbao (Go) on Apr 21, 2026.
go-ntlmssp NTLM challenges can panic on malformed payloads
Severity: Moderate. CVE-2026-32952 was published for github.com/Azure/go-ntlmssp (Go) on Apr 23, 2026.
github.com/buger/jsonparser has a denial of service vulnerability
Severity: High. CVE-2026-32285 was published for github.com/buger/jsonparser (Go) on Mar 18, 2026.
melange has Path Traversal via .PKGINFO in --persist-lint-results
Severity: Low. CVE-2026-29051 was published for chainguard.dev/melange (Go) on Apr 23, 2026.
melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses
Severity: Moderate. CVE-2026-29050 was published for chainguard.dev/melange (Go) on Apr 23, 2026.
free5GC AMF: Missing default case in Content-Type switch in HTTPUEContextTransfer
Severity: Moderate. CVE-2026-41136 was published for github.com/free5gc/amf (Go) on Apr 22, 2026.
Dapr: Service Invocation path traversal ACL bypass
Severity: High. CVE-2026-41491 was published for github.com/dapr/dapr (Go) on Apr 17, 2026.
SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)
Severity: High. CVE-2026-41894 was published for github.com/siyuan-note/siyuan/kernel (Go) on Apr 22, 2026.
Velociraptor vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token
Severity: Critical. CVE-2026-6290 was published for www.velocidex.com/golang/velociraptor (Go) on Apr 15, 2026.
qui CORS Misconfiguration: Arbitrary Origins Trusted
Severity: Critical. CVE-2026-30924 was published for github.com/autobrr/qui (Go) on Mar 19, 2026.
PowerShell Command Injection in Podman HyperV Machine
Severity: Moderate. CVE-2026-33414 was published for github.com/containers/podman/v4 (Go) on Apr 14, 2026.
ProTip! Advisories are also available from the GraphQL API.