Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

486 advisories

Loading
Casdoor does not validate the AudienceRestriction element in SAML assertions Critical
CVE-2026-9093 was published for github.com/casdoor/casdoor (Go) May 28, 2026
Casdoor: GetTokenExchangeToken bypass through lack of cross-organization JWT signature check Critical
CVE-2026-9094 was published for github.com/casdoor/casdoor (Go) May 28, 2026
MCP Toolbox for Databases vulnerable to DNS rebinding attacks Critical
CVE-2026-9739 was published for github.com/googleapis/mcp-toolbox (Go) May 28, 2026
KubeVirt has a Link Following vulnerability Critical
CVE-2026-7374 was published for kubevirt.io/kubevirt (Go) May 26, 2026
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron Critical
CVE-2026-46716 was published for github.com/nezhahq/nezha (Go) May 23, 2026
FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory Critical
CVE-2026-48777 was published for github.com/gtsteffaniak/filebrowser/backend (Go) May 22, 2026
fg0x0 Credited to fg0x0 and Revanth011 Revanth011 Revanth011
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host Critical
CVE-2026-46703 was published for @boxlite-ai/boxlite (Go) May 21, 2026
XlabAITeam Credited to XlabAITeam, keenanwgn, and A7um keenanwgn keenanwgn
A7um A7um
BoxLite: Permission Bypass Allows Modification of Read-Only Files Critical
CVE-2026-46695 was published for @boxlite-ai/boxlite (Go) May 21, 2026
XlabAITeam Credited to XlabAITeam, keenanwgn, and A7um keenanwgn keenanwgn
A7um A7um
Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger Critical
CVE-2026-46614 was published for github.com/fission/fission (Go) May 21, 2026
FORIMOC Credited to FORIMOC, Yuremin, and sanketsudake Yuremin Yuremin
sanketsudake sanketsudake
Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft Critical
CVE-2026-46354 was published for github.com/coder/coder (Go) May 19, 2026
bencalif Credited to bencalif
MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path Critical
GHSA-g53w-w6mj-hrpp was published for github.com/Kuadrant/mcp-gateway (Go) May 19, 2026
Bhuvanesh66 Credited to Bhuvanesh66
Kopia: RCE via SSH ProxyCommand Injection Critical
CVE-2026-45695 was published for github.com/kopia/kopia (Go) May 19, 2026
berardinellidaniele Credited to berardinellidaniele
Algernon: handler.lua discovery walks parent directories above the server root Critical
CVE-2026-45721 was published for github.com/xyproto/algernon (Go) May 19, 2026
Dredsen Credited to Dredsen
Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs Critical
CVE-2026-45625 was published for github.com/getarcaneapp/arcane/backend (Go) May 18, 2026
offset Credited to offset
Crabbox: environment variable exposure vulnerability Critical
CVE-2026-8634 was published for github.com/openclaw/crabbox (Go) May 14, 2026
Portainer has an endpoint security bypass via Swarm service create/update Critical
CVE-2026-44849 was published for github.com/portainer/portainer (Go) May 14, 2026
JohannesLks Credited to JohannesLks and route2shell route2shell route2shell
Portainer missing authorization on Docker plugin endpoints, which allows host RCE Critical
CVE-2026-44848 was published for github.com/portainer/portainer (Go) May 14, 2026
ikkebr Credited to ikkebr
SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution Critical
CVE-2026-45375 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026
Revanth011 Credited to Revanth011
Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server Critical
GHSA-vw82-7fv8-r6gp was published for github.com/obot-platform/obot (Go) May 13, 2026
Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action` Critical
CVE-2026-45087 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026
drmingler Credited to drmingler
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE Critical
CVE-2026-44477 was published for github.com/cloudnative-pg/cloudnative-pg (Go) May 11, 2026
mdisec Credited to mdisec
free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions Critical
CVE-2026-44330 was published for github.com/free5gc/nef (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers Critical
CVE-2026-44329 was published for github.com/free5gc/smf (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler Critical
CVE-2026-44327 was published for github.com/free5gc/nef (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions Critical
CVE-2026-44326 was published for github.com/free5gc/nef (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
ProTip! Advisories are also available from the GraphQL API