GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
231 advisories
GitProxy New Branch Approval Exploit
High
CVE-2025-54585
was published
for
@finos/git-proxy
(npm)
Jul 30, 2025
OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
Moderate
CVE-2021-21411
was published
for
github.com/oauth2-proxy/oauth2-proxy/v7
(Go)
Jul 30, 2025
HAX CMS API Lacks Authorization Checks
High
CVE-2025-54378
was published
for
@haxtheweb/haxcms-nodejs
(Composer)
Jul 25, 2025
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
Moderate
CVE-2025-53889
was published
for
directus
(npm)
Jul 15, 2025
Juju allows arbitrary executable uploads via authenticated endpoint without authorization
High
CVE-2025-0928
was published
for
github.com/juju/juju
(Go)
Jul 9, 2025
Graylog vulnerable to privilege escalation through API tokens
High
CVE-2025-53106
was published
for
org.graylog2:graylog2-server
(Maven)
Jun 30, 2025
OpenFGA Authorization Bypass
Moderate
CVE-2025-48371
was published
for
github.com/openfga/openfga
(Go)
May 23, 2025
NATS Server may fail to authorize certain Jetstream admin APIs
Critical
CVE-2025-30215
was published
for
github.com/nats-io/nats-server/v2
(Go)
Apr 15, 2025
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value
Moderate
CVE-2025-30373
was published
for
org.graylog2:graylog2-server
(Maven)
Apr 7, 2025
Kyverno ignores subjectRegExp and IssuerRegExp
Moderate
CVE-2025-29778
was published
for
github.com/kyverno/kyverno
(Go)
Mar 24, 2025
Authorization Bypass in Next.js Middleware
Critical
CVE-2025-29927
was published
for
next
(npm)
Mar 21, 2025
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Critical
CVE-2025-29922
was published
for
github.com/kcp-dev/kcp
(Go)
Mar 20, 2025
ProTip!
Advisories are also available from the
GraphQL API