GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
651 advisories
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Moderate
CVE-2025-32395
was published
for
vite
(npm)
Apr 11, 2025
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Moderate
CVE-2025-31486
was published
for
vite
(npm)
Apr 4, 2025
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Moderate
CVE-2025-31125
was published
for
vite
(npm)
Mar 31, 2025
Directus `search` query parameter allows enumeration of non permitted fields
Moderate
CVE-2025-30352
was published
for
directus
(npm)
Mar 26, 2025
Vite bypasses server.fs.deny when using ?raw??
Moderate
CVE-2025-30208
was published
for
vite
(npm)
Mar 25, 2025
Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD
Moderate
CVE-2025-29781
was published
for
github.com/metal3-io/baremetal-operator/apis
(Go)
Mar 17, 2025
Rancher's SAML-based login via CLI can be denied by unauthenticated users
Moderate
CVE-2025-23387
was published
for
github.com/rancher/rancher
(Go)
Feb 27, 2025
GeoNetwork search end-point information disclosure in response headers
Moderate
CVE-2024-32037
was published
for
org.geonetwork-opensource:gn-services
(Maven)
Feb 11, 2025
Argo CD does not scrub secret values from patch errors
Moderate
CVE-2025-23216
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 30, 2025
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource
Moderate
CVE-2025-24784
was published
for
github.com/kubewarden/kubewarden-controller
(Go)
Jan 30, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Moderate
CVE-2025-24360
was published
for
@nuxt/vite-builder
(npm)
Jan 27, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information
Moderate
CVE-2025-24363
was published
for
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli
(Maven)
Jan 24, 2025
Welcome and About GeoServer pages communicate version and revision information
Moderate
CVE-2024-35230
was published
for
org.geoserver.web:gs-web-app
(Maven)
Dec 16, 2024
Access to Archived Argo Workflows with Fake Token in `client` mode
Moderate
CVE-2024-53862
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Dec 2, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate
CVE-2024-53858
was published
for
github.com/cli/cli/v2
(Go)
Nov 27, 2024
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate
CVE-2024-53859
was published
for
github.com/cli/go-gh
(Go)
Nov 27, 2024
ProTip!
Advisories are also available from the
GraphQL API