GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,448 advisories
Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun
Moderate. CVE-2026-33022 was published for github.com/tektoncd/pipeline (Go) on Mar 17, 2026.
Tillitis TKey Client has an Error in Protocol Implementation
Moderate. CVE-2026-32953 was published for github.com/tillitis/tkeyclient (Go) on Mar 17, 2026.
Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports
Moderate. GHSA-97vp-pwqj-46qc was published for github.com/bishopfox/sliver (Go) on Mar 17, 2026.
Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
Moderate. GHSA-j94x-8wcp-x7hm was published for github.com/akuity/kargo (Go) on Mar 16, 2026.
File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter
Moderate. CVE-2026-32758 was published for github.com/filebrowser/filebrowser/v2 (Go) on Mar 16, 2026.
SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS
Moderate. GHSA-v3mg-9v85-fcm7 was published for siyuan (Go) on Mar 16, 2026.
File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
Moderate. CVE-2026-32759 was published for github.com/filebrowser/filebrowser/v2 (Go) on Mar 16, 2026.
SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface
Moderate. CVE-2026-32751 was published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 16, 2026.
SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes
Moderate. CVE-2026-32750 was published for github.com/siyuan-note/siyuan (Go) on Mar 16, 2026.
SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure
Moderate. GHSA-xp2m-98x8-rpj6 was published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 16, 2026.
SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets
Moderate. CVE-2026-32747 was published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 16, 2026.
Mattermost fails to limit the size of responses from integration action endpoints
Moderate. CVE-2026-2456 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026.
Mattermost allows a removed team member to enumerate all public channels within a private team
Moderate. CVE-2026-2458 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026.
Mattermost fails to filter invite IDs based on user permissions
Moderate. CVE-2026-2463 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026.
Mattermost fails to preserve the redacted state of burn-on-read posts during deletion
Moderate. CVE-2026-2578 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026.
Mattermost fails to bound memory allocation when processing DOC files
Moderate. CVE-2026-25780 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026.
Mattermost fails to properly validate User-Agent header tokens
Moderate. CVE-2026-25783 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026.
Mattermost fails to bound memory allocation when processing PSD image files
Moderate. CVE-2026-26246 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026.
Mattermost allows attackers to spoof permalink embeds
Moderate. CVE-2026-2457 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026.
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB
Moderate. CVE-2026-32704 was published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 13, 2026.
Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload
Moderate. CVE-2026-30961 was published for github.com/forceu/gokapi (Go) on Mar 13, 2026.
Gokapi vulnerable to DoS in E2E Metadata Parser
Moderate. CVE-2026-30955 was published for github.com/forceu/gokapi (Go) on Mar 13, 2026.
Gokapi vulnerable to Privilege Escalation in File Replace
Moderate. CVE-2026-30943 was published for github.com/forceu/gokapi (Go) on Mar 13, 2026.
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
Moderate. CVE-2026-30915 was published for github.com/drakkan/sftpgo/v2 (Go) on Mar 13, 2026.
SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy
Moderate. CVE-2026-30914 was published for github.com/drakkan/sftpgo (Go) on Mar 13, 2026.
ProTip! Advisories are also available from the GraphQL API.