
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

go-billy has path traversal vulnerabilities High
CVE-2026-44973 was published for github.com/go-git/go-billy/v5 (Go) May 14, 2026
Credited to faran66 and vnykmshr
Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr) High
CVE-2026-40110 was published for jupyter-server (pip) May 5, 2026
Credited to vnykmshr, Yann-P, and Carreau
Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure High
CVE-2026-42296 was published for github.com/argoproj/argo-workflows/v3 (Go) May 4, 2026
Credited to vnykmshr, Joibel, and isubasinghe
Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG High
CVE-2026-33344 was published for github.com/dagu-org/dagu (Go) Mar 19, 2026
Credited to vnykmshr
SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) Critical
CVE-2026-32940 was published for github.com/siyuan-note/siyuan (Go) Mar 17, 2026
Credited to vnykmshr
soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import Critical
CVE-2026-30832 was published for github.com/charmbracelet/soft-serve (Go) Mar 6, 2026
Credited to vnykmshr