GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
567 advisories
Improper Request Caching Lookup in the Auth0 Next.js SDK
Moderate
CVE-2025-67490
was published
for
@auth0/nextjs-auth0
(npm)
Dec 10, 2025
Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
High
CVE-2025-66623
was published
for
io.strimzi:strimzi
(Maven)
Dec 5, 2025
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Moderate
CVE-2025-66028
was published
for
@oneuptime/common
(npm)
Nov 25, 2025
Apollo Federation has Improper Enforcement of Access Control on Transitive Fields
High
GHSA-m8jr-fxqx-8xx6
was published
for
@apollo/composition
(npm)
Nov 14, 2025
Directus has Improper Permission Handling on Deleted Fields
Moderate
CVE-2025-64746
was published
for
directus
(npm)
Nov 14, 2025
Incorrect Authorization in Apache Solr
Moderate
CVE-2018-11802
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2022
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
High
CVE-2025-59420
was published
for
authlib
(pip)
Sep 22, 2025
ProTip!
Advisories are also available from the
GraphQL API