GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk
High
CVE-2026-33252
was published
for
github.com/modelcontextprotocol/go-sdk
(Go)
Mar 19, 2026
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
Critical
CVE-2026-30861
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 7, 2026
WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
Critical
CVE-2026-30860
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 6, 2026
WeKnora has Broken Access Control - Cross-Tenant Data Exposure
High
CVE-2026-30859
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 6, 2026
WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
High
CVE-2026-30858
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 6, 2026
WeKnora has Unauthorized Cross‑Tenant Knowledge Base Cloning
Moderate
CVE-2026-30857
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 6, 2026
WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
Moderate
CVE-2026-30856
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 6, 2026
WeKnora Vulnerable to Broken Access Control in Tenant Management
Critical
CVE-2026-30855
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 6, 2026
PinchTab has SSRF with Full Response Exfiltration via Download Handler
High
CVE-2026-30834
was published
for
github.com/pinchtab/pinchtab/cmd/pinchtab
(Go)
Mar 6, 2026
WeKnora is Vulnerable to SSRF via Redirection
Moderate
CVE-2026-30247
was published
for
github.com/Tencent/WeKnora
(Go)
Mar 5, 2026
ProTip!
Advisories are also available from the
GraphQL API