GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16 advisories
Fission Container Executor Function PodSpec Injection Leading to Node Escape
Severity: Critical. CVE-2026-50563 was published for github.com/fission/fission (Go) on Jun 30, 2026.

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
Severity: Critical. CVE-2026-50545 was published for github.com/fission/fission (Go) on Jun 30, 2026.

Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook
Severity: High. CVE-2026-49824 was published for github.com/fission/fission (Go) on Jun 30, 2026.

Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook
Severity: High. CVE-2026-49823 was published for github.com/fission/fission (Go) on Jun 30, 2026.

Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance
Severity: High. CVE-2026-49822 was published for github.com/fission/fission (Go) on Jun 30, 2026.

Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration
Severity: High. CVE-2026-49821 was published for github.com/fission/fission (Go) on Jun 30, 2026.

Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)
Severity: High. CVE-2026-53999 was published for github.com/radius-project/radius (Go) on Jun 12, 2026.

Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project
Severity: High. CVE-2026-45730 was published for github.com/nuclio/nuclio (Go) on Jun 4, 2026.

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Severity: Moderate. CVE-2026-46618 was published for github.com/fission/fission (Go) on May 21, 2026.

Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Severity: High. CVE-2026-46612 was published for github.com/fission/fission (Go) on May 21, 2026.

Local Path Provisioner Vulnerable to HelperPod Template Injection
Severity: High. CVE-2026-44543 was published for github.com/rancher/local-path-provisioner (Go) on May 11, 2026.

Kyverno APICall SSRF Vulnerability Leading to Multi-Tenant Isolation Breach
Severity: High. GHSA-fmqp-4wfc-w3v7 was published for github.com/kyverno/kyverno (Go) on Apr 14, 2026.

Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS
Severity: High. CVE-2026-32254 was published for github.com/cloudnativelabs/kube-router/v2 (Go) on Mar 17, 2026.

Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
Severity: High. CVE-2026-29042 was published for github.com/nuclio/nuclio (Go) on Mar 4, 2026.

OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field
Severity: Low. CVE-2026-24005 was published for github.com/openkruise/kruise (Go) on Feb 25, 2026.

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
Severity: High. CVE-2026-24470 was published for github.com/zalando/skipper (Go) on Jan 26, 2026.