GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
6 advisories
GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands
High
CVE-2026-48501
was published
for
github.com/cli/cli/v2
(Go)
May 29, 2026
go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names
Moderate
CVE-2026-24686
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Jan 26, 2026
go-tuf improperly validates the configured threshold for delegations
Moderate
CVE-2026-23992
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Jan 21, 2026
go-tuf affected by client DoS via malformed server response
Moderate
CVE-2026-23991
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Jan 21, 2026
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
Moderate
CVE-2025-25204
was published
for
github.com/cli/cli/v2
(Go)
Feb 14, 2025
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
Low
GHSA-3633-5h82-39pq
was published
for
github.com/theupdateframework/go-tuf
(Go)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API