GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6 advisories
@hulumi/baseline: AccountFoundation reuse paths silently downgrade GuardDuty / Security Hub posture
Moderate
CVE-2026-48037
was published
for
@hulumi/baseline
(npm)
Jun 10, 2026
@hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts
High
CVE-2026-48036
was published
for
@hulumi/drift
(npm)
Jun 10, 2026
@hulumi/baseline: AccountFoundation audit-delivery S3 bucket could be silently weakened
High
CVE-2026-48035
was published
for
@hulumi/baseline
(npm)
Jun 10, 2026
@hulumi/policies has a HULUMI-H5 bypass via decoy sibling resources targeting a different bucket
High
CVE-2026-48034
was published
for
@hulumi/policies
(npm)
Jun 10, 2026
@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name
High
CVE-2026-48033
was published
for
@hulumi/policies
(npm)
Jun 10, 2026
@hulumi/policies bypasses IAM-role policy checks when the role trusts multiple OIDC providers
High
CVE-2026-48032
was published
for
@hulumi/policies
(npm)
Jun 10, 2026
ProTip!
Advisories are also available from the
GraphQL API