Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
netfoil has a domain name filter bypass via multiple questions Moderate
GHSA-59qp-cfj3-rp64 was published for github.com/tinfoil-factory/netfoil (Go) Jul 7, 2026
Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing High
CVE-2026-48788 was published for github.com/umputun/remark42 (Go) Jun 26, 2026
ildkh Credited to ildkh
Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters Moderate
CVE-2026-30246 was published for github.com/gofiber/fiber/v3 (Go) Apr 28, 2026
xeloxa Credited to xeloxa, gaby, and ReneWerner87 gaby gaby
ReneWerner87 ReneWerner87
Heimdall has an authorization bypass via path normalization mismatch High
CVE-2026-42274 was published for github.com/dadrus/heimdall (Go) Apr 25, 2026
Heimdall: Case-sensitive host matching may lead to policy bypass High
CVE-2026-42273 was published for github.com/dadrus/heimdall (Go) Apr 25, 2026
Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation High
CVE-2026-42272 was published for github.com/dadrus/heimdall (Go) Apr 25, 2026
Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk High
GHSA-q382-vc8q-7jhj was published for github.com/modelcontextprotocol/go-sdk (Go) Mar 19, 2026
anaximand3r Credited to anaximand3r
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity High
CVE-2026-27896 was published for github.com/modelcontextprotocol/go-sdk (Go) Feb 26, 2026
anaximand3r Credited to anaximand3r
Path Normalization Bypass in Traefik Router + Middleware Rules Moderate
CVE-2025-66490 was published for github.com/traefik/traefik (Go) Dec 8, 2025
ShadoooooW Credited to ShadoooooW
RatPanel can perform remote command execution without authorization High
CVE-2025-53534 was published for github.com/tnborg/panel (Go) Aug 4, 2025
LTLTLXEY Credited to LTLTLXEY and devhaozi devhaozi devhaozi
Git LFS permits exfiltration of credentials via crafted HTTP URLs High
CVE-2024-53263 was published for github.com/git-lfs/git-lfs (Go) Jan 14, 2025
Ry0taK Credited to Ry0taK
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras Credited to sayboras
btcd susceptible to consensus failures Moderate
CVE-2024-34478 was published for github.com/btcsuite/btcd (Go) May 5, 2024
Broken Authorization in ZITADEL Actions High
CVE-2022-36051 was published for github.com/zitadel/zitadel (Go) Aug 30, 2022
mezdanak Credited to mezdanak
Ethereum Contains Consensus Flaw During Block Processing Moderate
CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go) Aug 30, 2021
guidovranken Credited to guidovranken
ProTip! Advisories are also available from the GraphQL API