GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
19 advisories
Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call
Moderate | CVE-2026-42541 was published for github.com/kubewarden/kubewarden-controller (Go) | May 5, 2026
Kyverno Controller Denial of Service via forEach Mutation Panic
High | CVE-2026-41485 was published for github.com/kyverno/kyverno (Go) | Apr 24, 2026
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
High | CVE-2026-40886 was published for github.com/argoproj/argo-workflows/v3 (Go) | Apr 23, 2026
Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
High | CVE-2026-31892 was published for github.com/argoproj/argo-workflows (Go) | Mar 11, 2026
Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding
Moderate | CVE-2026-29773 was published for github.com/kubewarden/kubewarden-controller (Go) | Mar 9, 2026
CoreDNS ACL Bypass
High | CVE-2026-26017 was published for github.com/coredns/coredns (Go) | Mar 6, 2026
opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path
High | CVE-2026-26205 was published for github.com/open-policy-agent/opa-envoy-plugin (Go) | Feb 18, 2026
Kyverno Denial of Service via Context Variable Amplification in Policy Engine
High | CVE-2026-23881 was published for github.com/kyverno/kyverno (Go) | Jan 27, 2026
Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
Critical | CVE-2026-22039 was published for github.com/kyverno/kyverno (Go) | Jan 27, 2026
CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
Moderate | CVE-2025-68151 was published for github.com/coredns/coredns (Go) | Jan 8, 2026
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
High | CVE-2025-68156 was published for github.com/expr-lang/expr (Go) | Dec 16, 2025
Repository Credentials Race Condition Crashes Argo CD Server
Moderate | CVE-2025-55191 was published for github.com/argoproj/argo-cd/v2 (Go) | Sep 30, 2025
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion
High | CVE-2025-58063 was published for github.com/coredns/coredns (Go) | Sep 9, 2025
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service
High | CVE-2025-47281 was published for github.com/kyverno/kyverno (Go) | Jul 22, 2025
CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification
High | CVE-2025-47950 was published for github.com/coredns/coredns (Go) | Jun 6, 2025
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR
Critical | CVE-2025-32445 was published for github.com/argoproj/argo-events (Go) | Apr 14, 2025
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input
Critical | CVE-2025-30223 was published for github.com/beego/beego (Go) | Mar 31, 2025
Memory Exhaustion in Expr Parser with Unrestricted Input
High | CVE-2025-29786 was published for github.com/expr-lang/expr (Go) | Mar 17, 2025
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service
High | GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) | Dec 19, 2024