GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Moderate
CVE-2026-46618
was published
for
github.com/fission/fission
(Go)
May 21, 2026
Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
High
CVE-2026-46612
was published
for
github.com/fission/fission
(Go)
May 21, 2026
Local Path Provisioner Vulnerable to HelperPod Template Injection
High
CVE-2026-44543
was published
for
github.com/rancher/local-path-provisioner
(Go)
May 11, 2026
Kyverno APICall SSRF Vulnerability Leading to Multi-Tenant Isolation Breach
High
GHSA-fmqp-4wfc-w3v7
was published
for
github.com/kyverno/kyverno
(Go)
Apr 14, 2026
Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS
High
CVE-2026-32254
was published
for
github.com/cloudnativelabs/kube-router/v2
(Go)
Mar 17, 2026
Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
High
CVE-2026-29042
was published
for
github.com/nuclio/nuclio
(Go)
Mar 4, 2026
OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field
Low
CVE-2026-24005
was published
for
github.com/openkruise/kruise
(Go)
Feb 25, 2026
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
High
CVE-2026-24470
was published
for
github.com/zalando/skipper
(Go)
Jan 26, 2026
ProTip!
Advisories are also available from the
GraphQL API