Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3 advisories

Loading
Distribution's tag deletion bypasses `storage.delete.enabled` configuration Moderate
CVE-2026-41888 was published for github.com/distribution/distribution (Go) May 4, 2026
joonas Credited to joonas
Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write High
CVE-2026-40090 was published for github.com/zarf-dev/zarf (Go) Apr 14, 2026
joonas Credited to joonas
Zarf's symlink targets in archives are not validated against destination directory High
CVE-2026-29064 was published for github.com/zarf-dev/zarf/src/pkg/archive (Go) Mar 6, 2026
joonas Credited to joonas
ProTip! Advisories are also available from the GraphQL API