Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

164,177 advisories

Loading
Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header Moderate
CVE-2026-53717 was published for github.com/envoyproxy/gateway (Go) Jul 16, 2026
zhaohuabing Credited to zhaohuabing
Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization Moderate
CVE-2026-53719 was published for github.com/envoyproxy/gateway (Go) Jul 16, 2026
Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit Moderate
CVE-2026-53716 was published for github.com/envoyproxy/gateway (Go) Jul 16, 2026
zhaohuabing Credited to zhaohuabing
Envoy Gateway custom backendRef cross-namespace ReferenceGrant bypass Moderate
CVE-2026-53718 was published for github.com/envoyproxy/gateway (Go) Jul 16, 2026
kumactl connects to control plane without verifying TLS certificate when no CA is configured Moderate
CVE-2026-50166 was published for github.com/kumahq/kuma (Go) Jul 16, 2026
text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF)... Moderate Unreviewed
CVE-2026-63086 was published Jul 16, 2026
ProTip! Advisories are also available from the GraphQL API