GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
524 advisories
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators
High
GHSA-6jrf-4jv4-r9mw
was published
for
tendermint-light-client-verifier
(Rust)
Apr 9, 2025
GraphQL query operations security can be bypassed
High
CVE-2025-31481
was published
for
api-platform/core
(Composer)
Apr 4, 2025
Cilium node based network policies may incorrectly allow workload traffic
Low
CVE-2025-30163
was published
for
Ciliumgithub.com/cilium/cilium
(Go)
Mar 24, 2025
Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Low
CVE-2025-30162
was published
for
github.com/cilium/cilium
(Go)
Mar 24, 2025
Authorization Bypass in Next.js Middleware
Critical
CVE-2025-29927
was published
for
next
(npm)
Mar 21, 2025
Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods
Low
CVE-2025-27512
was published
for
zincati
(Rust)
Mar 17, 2025
Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content
Moderate
CVE-2025-27602
was published
for
Umbraco.Cms.Web.Backoffice
(NuGet)
Mar 11, 2025
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
Critical
CVE-2025-27507
was published
for
github.com/zitadel/zitadel
(Go)
Mar 4, 2025
Mautic allows Improper Authorization in Reporting API
High
CVE-2024-47053
was published
for
mautic/core
(Composer)
Feb 26, 2025
ProTip!
Advisories are also available from the
GraphQL API