Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

333 advisories

Loading
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer Low
CVE-2026-9301 was published for github.com/omec-project/amf (Go) May 26, 2026
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer Low
CVE-2026-9299 was published for github.com/omec-project/amf (Go) May 26, 2026
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer Low
CVE-2026-9300 was published for github.com/omec-project/amf (Go) May 26, 2026
SpiceDB: Caveat structures with nested lists can result in improper cache reuse Low
CVE-2026-46668 was published for github.com/authzed/spicedb (Go) May 21, 2026
androidqf: APK download Path Traversal in device APK paths Low
GHSA-763j-3p5v-jfc6 was published for github.com/mvt-project/androidqf (Go) May 21, 2026
androidqf: Zip entry Name Injection in APK bundle (Zip Slip for zip consumers) Low
GHSA-jf2q-463c-6f52 was published for github.com/mvt-project/androidqf (Go) May 21, 2026
OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server Low
GHSA-pxh5-6rrc-8rjv was published for github.com/opentofu/opentofu (Go) May 20, 2026
GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection Low
CVE-2026-45803 was published for github.com/cli/cli (Go) May 19, 2026
MCP Registry: OCI validator skips ownership check on upstream rate limits Low
CVE-2026-45781 was published for github.com/modelcontextprotocol/registry (Go) May 19, 2026
rdimitrov Credited to rdimitrov
go-git: Improper single-quote escaping in go-git SSH transport Low
CVE-2026-45570 was published for github.com/go-git/go-git (Go) May 19, 2026
N0zoM1z0 Credited to N0zoM1z0 and hiddeco hiddeco hiddeco
OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure Low
CVE-2026-45683 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias and grcevski grcevski grcevski
Mattermost doesn't check if {{team_id}} was being changed when updating playbooks Low
CVE-2026-4286 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) May 18, 2026
Mattermost doesn't validate the Host header when constructing response URLs for custom slash command Low
CVE-2026-6333 was published for github.com/mattermost/mattermost-server (Go) May 18, 2026
Mattermost doesn't escape some variables that could contain malicious content during error page composition Low
CVE-2026-3495 was published for github.com/mattermost/mattermost-server (Go) May 18, 2026
Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow Low
CVE-2026-6334 was published for github.com/mattermost/mattermost-server (Go) May 18, 2026
Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation Low
CVE-2026-4273 was published for github.com/mattermost/mattermost-server (Go) May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release Low
CVE-2026-8783 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release Low
CVE-2026-8782 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release Low
CVE-2026-8781 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer Low
CVE-2026-8780 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer Low
CVE-2026-8779 was published for github.com/omec-project/amf (Go) May 18, 2026
Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields Low
CVE-2026-4053 was published for github.com/mattermost/mattermost-server (Go) May 15, 2026
omec-project amf crashes when processing malformed LocationReports Low
CVE-2026-8349 was published for github.com/omec-project/amf (Go) May 12, 2026
Ella Core has handover failures during concurrent Security Mode Command Low
CVE-2026-44474 was published for github.com/ellanetworks/core (Go) May 11, 2026
SJNA0414 Credited to SJNA0414, ICSR-KMU, and bradypus404 ICSR-KMU ICSR-KMU
bradypus404 bradypus404
bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go Low
CVE-2026-8276 was published for github.com/bettercap/bettercap/v2 (Go) May 11, 2026
ProTip! Advisories are also available from the GraphQL API