Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

41 advisories

Loading
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing High
CVE-2026-49451 was published for Microsoft.OpenAPI (NuGet) Jun 30, 2026
baywet Credited to baywet, cookesan, Falco20019, and mahsa-lamiyan cookesan cookesan
Falco20019 Falco20019 mahsa-lamiyan mahsa-lamiyan
vm2 has a Sandbox Escape issue Critical
CVE-2026-47131 was published for vm2 (npm) May 29, 2026
cookesan Credited to cookesan
Duplicate Advisory: Hackney has an Allocation of Resources Without Limits or Throttling vulnerabilit High
GHSA-76v6-f83q-pxvh was published for hackney (Erlang) May 26, 2026 withdrawn
cookesan Credited to cookesan
Electerm Local code through electerm's single-instance socket Critical
CVE-2026-45353 was published for electerm (npm) May 14, 2026
amwhoi Credited to amwhoi and cookesan cookesan cookesan
nginx-ui Backup Restore Allows Tampering with Encrypted Backups Critical
CVE-2026-33026 was published for github.com/0xJacky/Nginx-UI (Go) Mar 30, 2026
dapickle Credited to dapickle and cookesan cookesan cookesan
@enclave-vm/core is vulnerable to Sandbox Escape Critical
CVE-2026-27597 was published for @enclave-vm/core (npm) Feb 25, 2026
c0rydoras Credited to c0rydoras, frontegg-david, and cookesan frontegg-david frontegg-david
cookesan cookesan
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise Critical
CVE-2026-26190 was published for github.com/milvus-io/milvus (Go) Feb 11, 2026
0x1f Credited to 0x1f and cookesan cookesan cookesan
Karmada Dashboard API Unauthorized Access Vulnerability Critical
CVE-2025-62714 was published for github.com/karmada-io/dashboard (Go) Oct 24, 2025
warjiang Credited to warjiang, noxosd, RainbowMango, and cookesan noxosd noxosd
RainbowMango RainbowMango cookesan cookesan
NATS Server may fail to authorize certain Jetstream admin APIs Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025
zarqman Credited to zarqman and cookesan cookesan cookesan
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times Moderate
CVE-2025-31135 was published for github.com/phires/go-guerrilla (Go) Apr 1, 2025
Zenexer Credited to Zenexer and cookesan cookesan cookesan
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing Credited to markylaing and cookesan cookesan cookesan
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go) Nov 20, 2024
cookesan Credited to cookesan
Git credentials are exposed in Atlantis logs High
CVE-2024-52009 was published for github.com/runatlantis/atlantis (Go) Nov 8, 2024
niooss-ledger Credited to niooss-ledger and cookesan cookesan cookesan
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data High
GHSA-p7mv-53f2-4cwj was published for github.com/cometbft/cometbft (Go) Nov 6, 2024
corverroos Credited to corverroos and cookesan cookesan cookesan
CoreDNS Cache Poisoning via a birthday attack Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
cookesan Credited to cookesan
CosmWasm wasmd has large address count in ValidateBasic Moderate
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi Credited to sushiwushi and cookesan cookesan cookesan
1Panel arbitrary file write vulnerability Moderate
CVE-2024-34352 was published for github.com/1Panel-dev/1Panel (Go) May 9, 2024
an5er Credited to an5er and cookesan cookesan cookesan
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint Critical
CVE-2024-2952 was published for litellm (pip) Apr 10, 2024
ishaan-jaff Credited to ishaan-jaff, r3kumar, and cookesan r3kumar r3kumar
cookesan cookesan
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF High
CVE-2024-23828 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1 Credited to Elleuch-x1, 0xJacky, and cookesan 0xJacky 0xJacky
cookesan cookesan
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature Critical
CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1 Credited to Elleuch-x1, 0xJacky, and cookesan 0xJacky 0xJacky
cookesan cookesan
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) High
CVE-2024-22198 was published for github.com/0xJacky/Nginx-UI (Go) Jan 11, 2024
jorgectf Credited to jorgectf, Hintay, and cookesan Hintay Hintay
cookesan cookesan
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) High
CVE-2024-22197 was published for github.com/0xJacky/Nginx-UI (Go) Jan 11, 2024
jorgectf Credited to jorgectf, Hintay, and cookesan Hintay Hintay
cookesan cookesan
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) High
CVE-2024-22196 was published for github.com/0xJacky/Nginx-UI (Go) Jan 11, 2024
jorgectf Credited to jorgectf, Hintay, and cookesan Hintay Hintay
cookesan cookesan
Kube-proxy may unintentionally forward traffic Moderate
CVE-2021-25736 was published for k8s.io/kubernetes (Go) Oct 30, 2023
cookesan Credited to cookesan
langchain vulnerable to arbitrary code execution Critical
CVE-2023-36188 was published for langchain (pip) Jul 6, 2023
cookesan Credited to cookesan
ProTip! Advisories are also available from the GraphQL API