GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
High
CVE-2026-26056
was published
for
github.com/yokecd/yoke
(Go)
Feb 12, 2026
Unauthenticated Admission Webhook Endpoints in Yoke ATC
High
CVE-2026-26055
was published
for
github.com/yokecd/yoke
(Go)
Feb 12, 2026
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage
High
CVE-2026-25538
was published
for
github.com/devtron-labs/devtron
(Go)
Feb 4, 2026
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
High
CVE-2026-24470
was published
for
github.com/zalando/skipper
(Go)
Jan 26, 2026
Dragonfly Manager Job API Unauthenticated Access
High
CVE-2026-24124
was published
for
d7y.io/dragonfly/v2
(Go)
Jan 22, 2026
Skipper is vulnerable to arbitrary code execution through lua filters
High
CVE-2026-23742
was published
for
github.com/zalando/skipper
(Go)
Jan 16, 2026
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
Critical
CVE-2025-55205
was published
for
github.com/projectcapsule/capsule
(Go)
Aug 18, 2025
ProTip!
Advisories are also available from the
GraphQL API