GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

WeKnora is Vulnerable to SSRF via Redirection (Moderate)
CVE-2026-30247 was published for github.com/Tencent/WeKnora (Go) on Mar 5, 2026
Credited to aleister1102 and Haruna38

PinchTab has SSRF with Full Response Exfiltration via Download Handler (High)
CVE-2026-30834 was published for github.com/pinchtab/pinchtab/cmd/pinchtab (Go) on Mar 6, 2026
Credited to aleister1102

WeKnora Vulnerable to Broken Access Control in Tenant Management (Critical)
CVE-2026-30855 was published for github.com/Tencent/WeKnora (Go) on Mar 6, 2026
Credited to aleister1102

WeKnora Vulnerable to Tool Execution Hijacking via Ambiguous Naming Convention In MCP client and Indirect Prompt Injection (Moderate)
CVE-2026-30856 was published for github.com/Tencent/WeKnora (Go) on Mar 6, 2026
Credited to aleister1102

WeKnora has Unauthorized Cross-Tenant Knowledge Base Cloning (Moderate)
CVE-2026-30857 was published for github.com/Tencent/WeKnora (Go) on Mar 6, 2026
Credited to aleister1102

WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources (High)
CVE-2026-30858 was published for github.com/Tencent/WeKnora (Go) on Mar 6, 2026
Credited to aleister1102 and Haruna38

WeKnora has Broken Access Control - Cross-Tenant Data Exposure (High)
CVE-2026-30859 was published for github.com/Tencent/WeKnora (Go) on Mar 6, 2026
Credited to aleister1102

WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool (Critical)
CVE-2026-30860 was published for github.com/Tencent/WeKnora (Go) on Mar 6, 2026
Credited to aleister1102

WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation (Critical)
CVE-2026-30861 was published for github.com/Tencent/WeKnora (Go) on Mar 7, 2026
Credited to aleister1102

Cross-Site Tool Execution for HTTP Servers without Authorization in github.com/modelcontextprotocol/go-sdk (High)
CVE-2026-33252 was published for github.com/modelcontextprotocol/go-sdk (Go) on Mar 19, 2026
Credited to aleister1102