GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
245 advisories
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Moderate
CVE-2025-66454
was published
for
arcade-mcp-server
(pip)
Dec 2, 2025
Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic
Moderate
CVE-2025-64715
was published
for
Ciliumgithub.com/cilium/cilium
(Go)
Dec 1, 2025
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Moderate
CVE-2025-66028
was published
for
@oneuptime/common
(npm)
Nov 25, 2025
Directus has Improper Permission Handling on Deleted Fields
Moderate
CVE-2025-64746
was published
for
directus
(npm)
Nov 14, 2025
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
Moderate
CVE-2025-58337
was published
for
doris-mcp-server
(pip)
Nov 5, 2025
Silver has unrestricted traffic between Wireguard clients
Moderate
CVE-2025-27093
was published
for
github.com/bishopfox/sliver
(Go)
Oct 28, 2025
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Moderate
CVE-2025-53092
was published
for
@strapi/core
(npm)
Oct 16, 2025
Mautic segment cloning doesn't have a proper permission check
Moderate
CVE-2024-47055
was published
for
mautic/core
(Composer)
May 28, 2025
OpenFGA Authorization Bypass
Moderate
CVE-2025-46331
was published
for
github.com/openfga/openfga
(Go)
Apr 30, 2025
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Moderate
CVE-2025-31486
was published
for
vite
(npm)
Apr 4, 2025
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Moderate
CVE-2025-31125
was published
for
vite
(npm)
Mar 31, 2025
ProTip!
Advisories are also available from the
GraphQL API