Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
IPAM controller service account granted unnecessary full access to Secrets Moderate
CVE-2026-47190 was published for github.com/metal3-io/ip-address-manager (Go) May 29, 2026
Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables Moderate
CVE-2026-46618 was published for github.com/fission/fission (Go) May 21, 2026
b0b0haha Credited to b0b0haha, j311yl0v3u, and sanketsudake j311yl0v3u j311yl0v3u
sanketsudake sanketsudake
Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read High
CVE-2026-46617 was published for github.com/fission/fission (Go) May 21, 2026
FORIMOC Credited to FORIMOC, Yuremin, and sanketsudake Yuremin Yuremin
sanketsudake sanketsudake
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE Critical
CVE-2026-44477 was published for github.com/cloudnative-pg/cloudnative-pg (Go) May 11, 2026
mdisec Credited to mdisec
OliveTin's RestartAction always runs actions as guest Moderate
CVE-2026-30225 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
Zwique Credited to Zwique
Skipper is vulnerable to arbitrary code execution through lua filters High
CVE-2026-23742 was published for github.com/zalando/skipper (Go) Jan 16, 2026
moyushui Credited to moyushui and b0b0haha b0b0haha b0b0haha
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR Critical
CVE-2025-32445 was published for github.com/argoproj/argo-events (Go) Apr 14, 2025
thevilledev Credited to thevilledev
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer Moderate
CVE-2024-7387 was published for github.com/openshift/builder (Go) Sep 17, 2024
Submariner Operator sets unnecessary RBAC permissions Moderate
CVE-2024-5042 was published for github.com/submariner-io/submariner-operator (Go) May 17, 2024
skitt Credited to skitt
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster Moderate
CVE-2023-30617 was published for github.com/openkruise/kruise (Go) Jan 5, 2024
kOps privilege escalation vulnerability High
CVE-2023-1943 was published for k8s.io/kops (Go) Oct 12, 2023
Wings vulnerable to escape to host from installation container Critical
CVE-2023-32080 was published for github.com/pterodactyl/wings (Go) May 11, 2023
chirag350 Credited to chirag350
Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers Moderate
CVE-2020-2023 was published for github.com/kata-containers/agent (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database