GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2 advisories
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
High
CVE-2026-40161
was published
for
github.com/tektoncd/pipeline
(Go)
Apr 21, 2026
Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
High
CVE-2026-40938
was published
for
github.com/tektoncd/pipeline
(Go)
Apr 21, 2026
ProTip!
Advisories are also available from the
GraphQL API