GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4 advisories
etcd: Authorization bypasses in multiple APIs
High
CVE-2026-33413
was published
for
go.etcd.io/etcd
(Go)
Mar 20, 2026
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
High
CVE-2026-27588
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 24, 2026
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass
High
CVE-2026-27587
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 24, 2026
Traefik: TCP readTimeout bypass via STARTTLS on Postgres
High
CVE-2026-25949
was published
for
github.com/traefik/traefik/v3
(Go)
Feb 12, 2026
ProTip!
Advisories are also available from the
GraphQL API