GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

70 advisories

Rancher has over-inclusive team membership expansion in GitHub App authentication provider High
CVE-2026-41053 was published for github.com/rancher/rancher (Go) Jul 1, 2026
Credited to Yuremin and FORIMOC
golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement Critical
CVE-2026-46595 was published for golang.org/x/crypto/ssh (Go) Jun 25, 2026
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function... Moderate Unreviewed
CVE-2026-12773 was published Jun 21, 2026
Keycloak: Revoked Tokens Can Remain Active When Both Realm-Level and Client-Level `notBefore` Revocation Policies are Configured Moderate
CVE-2026-8922 was published for org.keycloak:keycloak-services (Maven) May 19, 2026
CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC High
CVE-2026-33190 was published for github.com/coredns/coredns (Go) Apr 28, 2026
Credited to manizada
Mattermost allows attackers to take over arbitrary user accounts via overly permissive substring matching flaw Moderate
CVE-2026-27656 was published for github.com/mattermost/mattermost-server (Go) Mar 25, 2026
Tillitis TKey Client has an Error in Protocol Implementation Moderate
CVE-2026-32953 was published for github.com/tillitis/tkeyclient (Go) Mar 17, 2026
Mattermost fails to properly validate login method restrictions Moderate
CVE-2026-0999 was published for github.com/mattermost/mattermost-server (Go) Feb 16, 2026
Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm High
CVE-2025-14273 was published for github.com/mattermost/mattermost-plugin-jira (Go) Dec 22, 2025
Mattermost fails to verify the token used during code exchange Critical
CVE-2025-12421 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication Critical
CVE-2025-12419 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025
Python Social Auth - Django has unsafe account association Moderate
CVE-2025-61783 was published for social-auth-app-django (pip) Oct 9, 2025
Credited to mel-mason, vanya909, and nijel