GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,092 advisories

Gogs has the ability to import local repositories via Mirror Settings High
CVE-2026-52801 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to KKC73
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover High
CVE-2026-52800 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to odgrso
Gogs Missing Authorization in Attachment Download High
CVE-2026-52799 was published for gogs.io/gogs (Go) Jun 22, 2026
Credited to odgrso
Gogs has Stored XSS in `.ipynb` Preview High
CVE-2026-52798 was published for gogs.io/gogs (Go) Jun 22, 2026
Credited to odgrso
Gogs has DoS in rendering issue index pattern Low
CVE-2026-52796 was published for gogs.io/gogs (Go) Jun 22, 2026
Credited to BaiMeow
nebula-mesh's stores enrollment tokens unhashed in SQLite Moderate
GHSA-ghmh-jhmj-wcmf was published for github.com/juev/nebula-mesh (Go) Jun 22, 2026
Credited to ak2k
Gogs has SSRF in webhook deliveries Moderate
CVE-2026-47267 was published for gogs.io/gogs (Go) Jun 22, 2026
Credited to snyff
Inspektor Gadget: Unprivileged container can crash USDT note parser via crafted ELF (no shipped gadget affected) Low
CVE-2026-44778 was published for github.com/inspektor-gadget/inspektor-gadget (Go) Jun 22, 2026
Build breakout using malicious Containerfile and Git Smart HTTP server or GitHub release tar archive Moderate
CVE-2026-44517 was published for github.com/containers/buildah (Go) Jun 22, 2026
Credited to eriksjolund
runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations Moderate
CVE-2026-41579 was published for github.com/opencontainers/runc (Go) Jun 22, 2026
Credited to mosskappa and Dmanzella
Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind Moderate
GHSA-2h46-9x5w-4wf7 was published for github.com/entireio/cli (Go) Jun 19, 2026
Credited to nskath
Gogs has an Authentication Bypass via Unvalidated Reverse Proxy Headers High
CVE-2026-25119 was published for gogs.io/gogs (Go) Jun 22, 2026
Credited to tenbbughunters
Gogs has a Denial of Service in repository/wiki file listing web pages Moderate
CVE-2025-64719 was published for gogs.io/gogs (Go) Jun 22, 2026
Credited to 0xless
Canonical MicroCeph: path traversal issue in the remote-import AP Moderate
CVE-2026-10720 was published for github.com/canonical/microceph/microceph (Go) Jun 19, 2026
Gogs: XSS in .ipynb files renderer due to outdated notebookjs High
GHSA-6vxv-wg6j-5qwp was published for gogs.io/gogs (Go) Jun 19, 2026
Credited to Aikido-Security, JorianWoltjer, and grumpinout1
Credited to miparnisari
OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types Moderate
CVE-2026-55776 was published for github.com/openbao/openbao (Go) Jun 19, 2026
Credited to SahilKumar000
OpenBao's System Backend allows Unauthorized Management of the containing Namespace Low
CVE-2026-55775 was published for github.com/openbao/openbao (Go) Jun 19, 2026
Credited to satoqz
OpenBao: LDAPi ldaputil (wrong escape func) Moderate
CVE-2026-55770 was published for github.com/openbao/openbao (Go) Jun 19, 2026
Credited to alcls01111
Credited to anir0y and 5ud0er
Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms Moderate
CVE-2026-55187 was published for github.com/axllent/mailpit (Go) Jun 19, 2026
Credited to JLLeitschuh
Open Redirect Bypass in miniflux-v2 Moderate
CVE-2026-55185 was published for miniflux.app/v2 (Go) Jun 19, 2026
Credited to Fushuling and RacerZ-fighting
Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails Moderate
CVE-2026-54762 was published for github.com/traefik/traefik/v3 (Go) Jun 19, 2026
Credited to vvvvvvvvvvel
go.qbee.io/transport: Symlink-chain path traversal in tar extraction (one level outside destination) Moderate
CVE-2026-55828 was published for go.qbee.io/transport (Go) Jun 19, 2026
Credited to ttzero25
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName Moderate
CVE-2026-11769 was published for github.com/grafana/grafana-operator (Go) Jun 19, 2026
Credited to cherez0ff