GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
10 advisories
MCP Registry: OCI validator skips ownership check on upstream rate limits
Low | CVE-2026-45781 was published for github.com/modelcontextprotocol/registry (Go) | May 19, 2026
MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist
Moderate | CVE-2026-44430 was published for github.com/modelcontextprotocol/registry (Go) | May 8, 2026
MCP Registry vulnerable to stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`
Moderate | CVE-2026-44429 was published for github.com/modelcontextprotocol/registry (Go) | May 8, 2026
MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience
Low | CVE-2026-44428 was published for github.com/modelcontextprotocol/registry (Go) | May 8, 2026
MCP Registry has open redirect via protocol-relative path in trailing-slash middleware
Moderate | CVE-2026-44427 was published for github.com/modelcontextprotocol/registry (Go) | May 8, 2026
go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names
Moderate | CVE-2026-24686 was published for github.com/theupdateframework/go-tuf/v2 (Go) | Jan 26, 2026
go-tuf improperly validates the configured threshold for delegations
Moderate | CVE-2026-23992 was published for github.com/theupdateframework/go-tuf/v2 (Go) | Jan 21, 2026
go-tuf affected by client DoS via malformed server response
Moderate | CVE-2026-23991 was published for github.com/theupdateframework/go-tuf/v2 (Go) | Jan 21, 2026
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
Low | GHSA-3633-5h82-39pq was published for github.com/theupdateframework/go-tuf (Go) | Sep 16, 2022
Improper Validation of Integrity Check Value in go-tuf
High | CVE-2022-29173 was published for github.com/theupdateframework/go-tuf (Go) | May 24, 2022