GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4 advisories
melange has a path traversal in license-path which allows reading files outside workspace
Moderate
CVE-2026-25145
was published
for
chainguard.dev/melange
(Go)
Feb 4, 2026
malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction
Moderate
CVE-2026-24846
was published
for
github.com/chainguard-dev/malcontent
(Go)
Jan 29, 2026
malcontent OCI image pull credential exfiltration via malicious registry token realm
Moderate
CVE-2026-24845
was published
for
github.com/chainguard-dev/malcontent
(Go)
Jan 29, 2026
melange's world-writable permissions expose SBOM files to potential image tampering
Moderate
CVE-2025-54059
was published
for
chainguard.dev/melange
(Go)
Jul 18, 2025
ProTip!
Advisories are also available from the
GraphQL API