Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Loading
Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook High
CVE-2026-49824 was published for github.com/fission/fission (Go) Jun 30, 2026
j311yl0v3u Credited to j311yl0v3u, b0b0haha, and sanketsudake b0b0haha b0b0haha
sanketsudake sanketsudake
Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook High
CVE-2026-49823 was published for github.com/fission/fission (Go) Jun 30, 2026
j311yl0v3u Credited to j311yl0v3u, b0b0haha, and sanketsudake b0b0haha b0b0haha
sanketsudake sanketsudake
Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance High
CVE-2026-49822 was published for github.com/fission/fission (Go) Jun 30, 2026
j311yl0v3u Credited to j311yl0v3u, b0b0haha, and sanketsudake b0b0haha b0b0haha
sanketsudake sanketsudake
Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration High
CVE-2026-49821 was published for github.com/fission/fission (Go) Jun 30, 2026
j311yl0v3u Credited to j311yl0v3u, b0b0haha, and sanketsudake b0b0haha b0b0haha
sanketsudake sanketsudake
Fission: MessageQueueTrigger scaler manager materializes Secret values into Deployment envvars and accepts arbitrary user PodSpec High
GHSA-7m8x-qg2j-4m3v was published for github.com/fission/fission (Go) Jun 30, 2026
FORIMOC Credited to FORIMOC, Yuremin, and sanketsudake Yuremin Yuremin
sanketsudake sanketsudake
FORIMOC Credited to FORIMOC, Yuremin, and sanketsudake Yuremin Yuremin
sanketsudake sanketsudake
Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives High
CVE-2026-46612 was published for github.com/fission/fission (Go) May 21, 2026
j311yl0v3u Credited to j311yl0v3u, b0b0haha, and sanketsudake b0b0haha b0b0haha
sanketsudake sanketsudake
ProTip! Advisories are also available from the GraphQL API