Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4 advisories

Loading
Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS High
CVE-2026-48050 was published for github.com/basekick-labs/arc (Go) Jun 11, 2026
NeuroWinter Credited to NeuroWinter
Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks High
CVE-2026-47735 was published for github.com/basekick-labs/arc (Go) Jun 8, 2026
NeuroWinter Credited to NeuroWinter
Vitess users with backup storage access can write to arbitrary file paths on restore Critical
CVE-2026-27969 was published for vitess.io/vitess (Go) Feb 27, 2026
NeuroWinter Credited to NeuroWinter
Vitess users with backup storage access can gain unauthorized access to production deployment environments High
CVE-2026-27965 was published for vitess.io/vitess (Go) Feb 26, 2026
NeuroWinter Credited to NeuroWinter
ProTip! Advisories are also available from the GraphQL API