GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,468 advisories
Ella Core panics on malformed ULNASTransport Message without a Request Type
Moderate
CVE-2026-33283
was published
for
github.com/ellanetworks/core
(Go)
Mar 19, 2026
Ella Core panics on invalid PDU Session IDs in NGAP messages
Moderate
CVE-2026-33281
was published
for
github.com/ellanetworks/core
(Go)
Mar 19, 2026
Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets
Moderate
CVE-2026-32694
was published
for
github.com/juju/juju
(Go)
Mar 19, 2026
Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Moderate
CVE-2026-33320
was published
for
github.com/tomwright/dasel/v3
(Go)
Mar 19, 2026
Juju affected by timing ownership claim attack on new external back-end secrets
Moderate
CVE-2026-32691
was published
for
github.com/juju/juju
(Go)
Mar 19, 2026
SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)
Moderate
CVE-2026-33194
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 18, 2026
Zitadel is missing enforcement of organization scopes
Moderate
CVE-2026-33132
was published
for
github.com/zitadel/zitadel
(Go)
Mar 18, 2026
PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
Moderate
CVE-2026-33081
was published
for
github.com/pinchtab/pinchtab
(Go)
Mar 18, 2026
SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata
Moderate
CVE-2026-33067
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 18, 2026
SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
Moderate
CVE-2026-33066
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 18, 2026
File Browser has an Authorization Policy Bypass in Public Share Download Flow
Moderate
CVE-2026-32761
was published
for
https://github.com/filebrowser/filebrowser
(Go)
Mar 18, 2026
Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun
Moderate
CVE-2026-33022
was published
for
github.com/tektoncd/pipeline
(Go)
Mar 17, 2026
Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports
Moderate
CVE-2026-32941
was published
for
github.com/bishopfox/sliver
(Go)
Mar 17, 2026
Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
Moderate
CVE-2026-32828
was published
for
github.com/akuity/kargo
(Go)
Mar 16, 2026
File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter
Moderate
CVE-2026-32758
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Mar 16, 2026
SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS
Moderate
GHSA-v3mg-9v85-fcm7
was published
for
siyuan
(Go)
Mar 16, 2026
File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
Moderate
CVE-2026-32759
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Mar 16, 2026
SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface
Moderate
CVE-2026-32751
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes
Moderate
CVE-2026-32750
was published
for
github.com/siyuan-note/siyuan
(Go)
Mar 16, 2026
SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure
Moderate
CVE-2026-32815
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
ProTip!
Advisories are also available from the
GraphQL API