GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
520 advisories
OpenFGA Authorization Bypass
Moderate
CVE-2025-55213
was published
for
github.com/openfga/openfga
(Go)
Aug 18, 2025
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
Critical
CVE-2025-55205
was published
for
github.com/projectcapsule/capsule
(Go)
Aug 18, 2025
@fedify/fedify has Improper Authentication and Incorrect Authorization
High
CVE-2025-54888
was published
for
@fedify/fedify
(npm)
Aug 8, 2025
GitProxy Approval Bypass When Pushing Multiple Branches
High
CVE-2025-54583
was published
for
@finos/git-proxy
(npm)
Jul 30, 2025
OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
Moderate
CVE-2021-21411
was published
for
github.com/oauth2-proxy/oauth2-proxy/v7
(Go)
Jul 30, 2025
XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Critical
CVE-2025-53836
was published
for
org.xwiki.rendering:xwiki-rendering-transformation-macro
(Maven)
Jul 14, 2025
Incus creates nftables rules that partially bypass security options
High
CVE-2025-52890
was published
for
github.com/lxc/incus/v6
(Go)
Jun 26, 2025
DNN.PLATFORM possibly allows bypass of IP Filters
High
CVE-2025-52487
was published
for
DNN.PLATFORM
(NuGet)
Jun 20, 2025
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Moderate
CVE-2025-48935
was published
for
deno
(Rust)
Jun 4, 2025
Deno run with --allow-read and --deny-read flags results in allowed
Moderate
CVE-2025-48888
was published
for
deno
(Rust)
Jun 4, 2025
ProTip!
Advisories are also available from the
GraphQL API