GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,061 advisories
OpenFGA Authorization Bypass
Moderate
CVE-2025-46331
was published
for
github.com/openfga/openfga
(Go)
Apr 30, 2025
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
Moderate
CVE-2025-32963
was published
for
github.com/minio/operator
(Go)
Apr 21, 2025
In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters
Moderate
CVE-2025-32793
was published
for
github.com/cilium/cilium
(Go)
Apr 21, 2025
Mattermost Incorrect Authorization vulnerability
Moderate
CVE-2025-27571
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 16, 2025
Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm
Moderate
CVE-2025-2475
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 14, 2025
gorilla/csrf CSRF vulnerability due to broken Referer validation
Moderate
CVE-2025-24358
was published
for
github.com/gorilla/csrf
(Go)
Apr 14, 2025
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
Moderate
CVE-2025-32387
was published
for
helm.sh/helm/v3
(Go)
Apr 10, 2025
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
Moderate
CVE-2025-32386
was published
for
helm.sh/helm/v3
(Go)
Apr 10, 2025
bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
Moderate
CVE-2025-32025
was published
for
github.com/bep/imagemeta
(Go)
Apr 9, 2025
bep/imagemeta allows excessively large EXIF data structures
Moderate
CVE-2025-32024
was published
for
github.com/bep/imagemeta
(Go)
Apr 9, 2025
Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration
Moderate
CVE-2025-31483
was published
for
miniflux.app/v2
(Go)
Apr 4, 2025
ProTip!
Advisories are also available from the
GraphQL API