Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
39
Go
2,951
Maven
5,000+
npm
4,596
NuGet
787
pip
4,304
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,067 advisories

Loading
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service High
CVE-2026-25791 was published for github.com/bishopfox/sliver (Go) Feb 6, 2026
xtle0o0
Credited to xtle0o0
Antrea has invalid enforcement order for network policy rules caused by integer overflow High
CVE-2026-25804 was published for antrea.io/antrea (Go) Feb 6, 2026
antoninbas Dyanngg
Credited to antoninbas and Dyanngg
Blocklist Bypass possible via ECDSA Signature Malleability High
CVE-2026-25793 was published for github.com/slackhq/nebula (Go) Feb 6, 2026
mrtufan
Credited to mrtufan
Gogs vulnerable to Stored XSS via Mermaid diagrams High
GHSA-26gq-grmh-6xm6 was published for gogs.io/gogs (Go) Feb 6, 2026
jdomeracki
Credited to jdomeracki
Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering High
CVE-2025-13523 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Feb 6, 2026
Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update High
CVE-2026-24135 was published for gogs.io/gogs (Go) Feb 6, 2026
reschjonas
Credited to reschjonas
Gogs Vulnerable to 2FA Bypass via Recovery Code High
CVE-2025-64175 was published for gogs.io/gogs (Go) Feb 6, 2026
OpenCloud Affected by Public Link Exploit High
GHSA-vf5j-r2hw-2hrw was published for github.com/opencloud-eu/opencloud (Go) Feb 5, 2026
rhafer aduffeck
dragotin micbar
Credited to rhafer, aduffeck, dragotin, and micbar
OpenCloud Reva has a Public Link Exploit High
CVE-2026-23989 was published for github.com/opencloud-eu/reva/v2 (Go) Feb 5, 2026
rhafer aduffeck
dragotin micbar
Credited to rhafer, aduffeck, dragotin, and micbar
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage High
CVE-2026-25538 was published for github.com/devtron-labs/devtron (Go) Feb 4, 2026
b0b0haha spingARbor
lixingquzhi
Credited to b0b0haha, spingARbor, and lixingquzhi
Alist vulnerable to Path Traversal in multiple file operation handlers High
CVE-2026-25161 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
XlabAITeam A7um
okatu-loli
Credited to XlabAITeam, A7um, and okatu-loli
ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx High
CVE-2026-1580 was published for k8s.io/ingress-nginx (Go) Feb 4, 2026
ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx High
CVE-2026-24512 was published for k8s.io/ingress-nginx (Go) Feb 4, 2026
melange affected by potential host command execution via license-check YAML mode patch pipeline High
CVE-2026-25143 was published for chainguard.dev/melange (Go) Feb 4, 2026
1seal egibs
sil2100 antitree
Credited to 1seal, egibs, sil2100, and antitree
apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams High
CVE-2026-25140 was published for chainguard-dev/apko (Go) Feb 4, 2026
1seal egibs
antitree jdolitsky
Credited to 1seal, egibs, antitree, and jdolitsky
apko has a path traversal in apko dirFS which allows filesystem writes outside base High
CVE-2026-25121 was published for chainguard.dev/apko (Go) Feb 3, 2026
1seal jdolitsky
antitree xornivore eslerm egibs stevebeattie
Credited to 1seal, jdolitsky, antitree, xornivore, eslerm, egibs, and stevebeattie
melange pipeline working-directory could allow command injection High
CVE-2026-24844 was published for chainguard.dev/melange (Go) Feb 3, 2026
1seal antitree
egibs 89luca89 eslerm
Credited to 1seal, antitree, egibs, 89luca89, and eslerm
melange QEMU runner could write files outside workspace directory High
CVE-2026-24843 was published for chainguard.dev/melange (Go) Feb 3, 2026
1seal antitree
egibs 89luca89 eslerm
Credited to 1seal, antitree, egibs, 89luca89, and eslerm
terraform-provider-proxmox has insecure sudo recommendation in the documentation High
CVE-2026-25499 was published for github.com/bpg/terraform-provider-proxmox (Go) Feb 2, 2026
lucasmaurice
Credited to lucasmaurice
OpenList has Insecure TLS Default Configuration High
CVE-2026-25060 was published for github.com/OpenListTeam/OpenList/v4 (Go) Feb 2, 2026
XlabAITeam dezhishen
KirCute jyxjjj A7um pkuGenuine keenanwgn
Credited to XlabAITeam, dezhishen, KirCute, jyxjjj, A7um, pkuGenuine, and keenanwgn
OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking High
CVE-2026-24051 was published for go.opentelemetry.io/otel/sdk/resource (Go) Feb 2, 2026
MorielHarush pellared
arminru
Credited to MorielHarush, pellared, and arminru
OpenList vulnerable to Path Traversal in file copy and remove handlers High
CVE-2026-25059 was published for github.com/OpenListTeam/OpenList/v4 (Go) Feb 2, 2026
XlabAITeam KirCute
dezhishen Suyunmeng jyxjjj A7um pkuGenuine keenanwgn
Credited to XlabAITeam, KirCute, dezhishen, Suyunmeng, jyxjjj, A7um, pkuGenuine, and keenanwgn
Rancher CLI skips TLS verification on Rancher CLI login command High
CVE-2025-67601 was published for github.com/rancher/rancher (Go) Feb 1, 2026
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal High
GHSA-f72r-2h5j-7639 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026
EaEa0001
Credited to EaEa0001
Kyverno Denial of Service via Context Variable Amplification in Policy Engine High
CVE-2026-23881 was published for github.com/kyverno/kyverno (Go) Jan 27, 2026
thevilledev
Credited to thevilledev
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database