GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
14 advisories
Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation
Critical · CVE-2026-50566 was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container
Moderate · CVE-2026-50565 was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
Critical · CVE-2026-50564 was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission Container Executor Function PodSpec Injection Leading to Node Escape
Critical · CVE-2026-50563 was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
Critical · CVE-2026-50545 was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook
High · CVE-2026-49824 was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook
High · CVE-2026-49823 was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance
High · CVE-2026-49822 was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration
High · CVE-2026-49821 was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission: MessageQueueTrigger scaler manager materializes Secret values into Deployment envvars and accepts arbitrary user PodSpec
High · GHSA-7m8x-qg2j-4m3v was published for github.com/fission/fission (Go) · Jun 30, 2026
Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Moderate · CVE-2026-46618 was published for github.com/fission/fission (Go) · May 21, 2026
Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
High · CVE-2026-46617 was published for github.com/fission/fission (Go) · May 21, 2026
Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
Critical · CVE-2026-46614 was published for github.com/fission/fission (Go) · May 21, 2026
Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
High · CVE-2026-46612 was published for github.com/fission/fission (Go) · May 21, 2026
ProTip! Advisories are also available from the GraphQL API.