Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
Nezha vulnerable to cross-tenant terminal/file-manager session hijack via WebSocket stream UUID without ownership check Critical
GHSA-q6xx-5vr8-p898 was published for github.com/nezhahq/nezha (Go) Jun 26, 2026
Uhudsavasindankacanokcu2 Credited to Uhudsavasindankacanokcu2
MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path Critical
GHSA-g53w-w6mj-hrpp was published for github.com/Kuadrant/mcp-gateway (Go) May 19, 2026
Bhuvanesh66 Credited to Bhuvanesh66
Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR Critical
GHSA-2pv8-4c52-mf8j was published for code.vikunja.io/api (Go) Mar 26, 2026
offset Credited to offset
Authorization Bypass Through User-Controlled Key in go-zero Critical
CVE-2024-27302 was published for github.com/zeromicro/go-zero (Go) Mar 4, 2024
cokeBeer Credited to cokeBeer
HashiCorp Vault vulnerable to incorrect metadata access Critical
CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations Critical
CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) Mar 4, 2025
amit-laish Credited to amit-laish, livio-a, fforootd, and adlerhurst livio-a livio-a
fforootd fforootd adlerhurst adlerhurst
Missing key verification in gost Critical
CVE-2024-39223 was published for github.com/ginuerzh/gost (Go) Jul 3, 2024
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go Critical
GHSA-92cg-ghq6-9587 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023 withdrawn
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability Critical
CVE-2022-4686 was published for github.com/usememos/memos (Go) Dec 23, 2022
Authorization Bypass Through User-Controlled Key in go-restful Critical
CVE-2022-1996 was published for github.com/emicklei/go-restful (Go) Jun 9, 2022
hiddeco Credited to hiddeco
ProTip! Advisories are also available from the GraphQL API