GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
12 advisories
Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync
High
CVE-2026-40912
was published
for
github.com/traefik/traefik
(Go)
Apr 24, 2026
OpenFGA has Improper Policy Enforcement
Moderate
CVE-2026-41131
was published
for
github.com/openfga/openfga
(Go)
Apr 22, 2026
WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
Moderate
CVE-2026-30856
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 6, 2026
File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL
High
CVE-2026-25890
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Feb 10, 2026
Apptainer ineffectively applies selinux and apparmor --security options
Moderate
CVE-2025-65105
was published
for
github.com/apptainer/apptainer
(Go)
Dec 2, 2025
OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
Moderate
CVE-2025-29914
was published
for
github.com/corazawaf/coraza/v3
(Go)
Mar 20, 2025
gitsign may use incorrect Rekor entries during verification
Low
CVE-2024-51746
was published
for
github.com/sigstore/gitsign
(Go)
Nov 5, 2024
Opencontainers runc Incorrect Authorization vulnerability
High
CVE-2023-27561
was published
for
github.com/opencontainers/runc
(Go)
Mar 3, 2023
Istio Fragments in Path May Lead to Authorization Policy Bypass
High
CVE-2021-39156
was published
for
istio.io/istio
(Go)
Aug 30, 2021
ProTip!
Advisories are also available from the
GraphQL API