GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,068 advisories
File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL
High
CVE-2026-25890
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Feb 10, 2026
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service
High
CVE-2026-25791
was published
for
github.com/bishopfox/sliver
(Go)
Feb 6, 2026
Antrea has invalid enforcement order for network policy rules caused by integer overflow
High
CVE-2026-25804
was published
for
antrea.io/antrea
(Go)
Feb 6, 2026
Blocklist Bypass possible via ECDSA Signature Malleability
High
CVE-2026-25793
was published
for
github.com/slackhq/nebula
(Go)
Feb 6, 2026
Gogs vulnerable to Stored XSS via Mermaid diagrams
High
GHSA-26gq-grmh-6xm6
was published
for
gogs.io/gogs
(Go)
Feb 6, 2026
Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update
High
CVE-2026-24135
was published
for
gogs.io/gogs
(Go)
Feb 6, 2026
OpenCloud Affected by Public Link Exploit
High
GHSA-vf5j-r2hw-2hrw
was published
for
github.com/opencloud-eu/opencloud
(Go)
Feb 5, 2026
OpenCloud Reva has a Public Link Exploit
High
CVE-2026-23989
was published
for
github.com/opencloud-eu/reva/v2
(Go)
Feb 5, 2026
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage
High
CVE-2026-25538
was published
for
github.com/devtron-labs/devtron
(Go)
Feb 4, 2026
Alist vulnerable to Path Traversal in multiple file operation handlers
High
CVE-2026-25161
was published
for
github.com/alist-org/alist/v3
(Go)
Feb 4, 2026
melange affected by potential host command execution via license-check YAML mode patch pipeline
High
CVE-2026-25143
was published
for
chainguard.dev/melange
(Go)
Feb 4, 2026
apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams
High
CVE-2026-25140
was published
for
chainguard-dev/apko
(Go)
Feb 4, 2026
apko has a path traversal in apko dirFS which allows filesystem writes outside base
High
CVE-2026-25121
was published
for
chainguard.dev/apko
(Go)
Feb 3, 2026
melange pipeline working-directory could allow command injection
High
CVE-2026-24844
was published
for
chainguard.dev/melange
(Go)
Feb 3, 2026
melange QEMU runner could write files outside workspace directory
High
CVE-2026-24843
was published
for
chainguard.dev/melange
(Go)
Feb 3, 2026
terraform-provider-proxmox has insecure sudo recommendation in the documentation
High
CVE-2026-25499
was published
for
github.com/bpg/terraform-provider-proxmox
(Go)
Feb 2, 2026
OpenList has Insecure TLS Default Configuration
High
CVE-2026-25060
was published
for
github.com/OpenListTeam/OpenList/v4
(Go)
Feb 2, 2026
OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking
High
CVE-2026-24051
was published
for
go.opentelemetry.io/otel/sdk/resource
(Go)
Feb 2, 2026
OpenList vulnerable to Path Traversal in file copy and remove handlers
High
CVE-2026-25059
was published
for
github.com/OpenListTeam/OpenList/v4
(Go)
Feb 2, 2026
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
High
GHSA-f72r-2h5j-7639
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Jan 28, 2026
ProTip!
Advisories are also available from the
GraphQL API