5 matches found
CVE-2026-48529
GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...
CVE-2026-48529 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: github-mcp-server, clickhouse-operator, spire-server, smokescreen, flux, nova, aws-network-policy-agent, malcontent, sftpgo-plugin-eventsearch, karpenter, aws-load-balancer-controller, envoy-ratelimit, apko, osv-scanner, go, grafana-rollout-operator,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: actions-runner-controller-fips, local-path-provisioner-fips, cilium-certgen-fips, k8s-metacollector-fips, fluxcd-kustomize-mutating-webhook-fips, malcontent, oras-fips, flux-source-controller, supercronic-fips, newrelic-k8s-metadata-injection-fips,...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: actions-runner-controller-fips, local-path-provisioner-fips, cilium-certgen-fips, k8s-metacollector-fips, fluxcd-kustomize-mutating-webhook-fips, malcontent, oras-fips, flux-source-controller, supercronic-fips, newrelic-k8s-metadata-injection-fips,...