GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3 advisories
MCP Registry: OCI validator skips ownership check on upstream rate limits
Low
CVE-2026-45781
was published
for
github.com/modelcontextprotocol/registry
(Go)
May 19, 2026
MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience
Low
CVE-2026-44428
was published
for
github.com/modelcontextprotocol/registry
(Go)
May 8, 2026
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
Low
GHSA-3633-5h82-39pq
was published
for
github.com/theupdateframework/go-tuf
(Go)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API