Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Loading
Mitmweb API Authentication Bypass Using Proxy Server High
CVE-2025-23217 was published for mitmproxy (pip) Feb 6, 2025
gronke Credited to gronke and mhils mhils mhils
code-server's session cookie can be extracted by having user visit specially crafted proxy URL High
CVE-2025-47269 was published for code-server (npm) May 9, 2025
Misconfigured Internal Proxy in runtimes-inventory-rhel8-operator Grants Standard Users Full Cluster Administrator Access High
CVE-2025-11393 was published for github.com/RedHatInsights/runtimes-inventory-operator (Go) Dec 15, 2025
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName High
CVE-2026-24470 was published for github.com/zalando/skipper (Go) Jan 26, 2026
b0b0haha Credited to b0b0haha, moyushui, and j311yl0v3u moyushui moyushui
j311yl0v3u j311yl0v3u
SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions High
GHSA-3v2x-9xcv-2v2v was published for surrealdb (Rust) Jan 22, 2026
cure53 Credited to cure53 and geraname geraname geraname
an7y Credited to an7y
kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token High
CVE-2026-40868 was published for github.com/kyverno/kyverno (Go) Apr 14, 2026
1seal Credited to 1seal
sachinpatilpsp Credited to sachinpatilpsp and IAMolofficial IAMolofficial IAMolofficial
axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy` High
CVE-2026-44494 was published for axios (npm) May 29, 2026
August829 Credited to August829
Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs) High
CVE-2026-53999 was published for github.com/radius-project/radius (Go) Jun 12, 2026
b0b0haha Credited to b0b0haha and j311yl0v3u j311yl0v3u j311yl0v3u
Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator` High
CVE-2026-55225 was published for io.strimzi:strimzi (Maven) Jun 18, 2026
cherez0ff Credited to cherez0ff, ppatierno, scholzj, and katheris ppatierno ppatierno
scholzj scholzj katheris katheris
Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration High
CVE-2026-49821 was published for github.com/fission/fission (Go) Jun 30, 2026
j311yl0v3u Credited to j311yl0v3u, b0b0haha, and sanketsudake b0b0haha b0b0haha
sanketsudake sanketsudake
ProTip! Advisories are also available from the GraphQL API