GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
34 advisories
OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
Moderate
CVE-2021-21411
was published
for
github.com/oauth2-proxy/oauth2-proxy/v7
(Go)
Jul 30, 2025
OpenFGA Authorization Bypass
Moderate
CVE-2025-48371
was published
for
github.com/openfga/openfga
(Go)
May 23, 2025
Kyverno ignores subjectRegExp and IssuerRegExp
Moderate
CVE-2025-29778
was published
for
github.com/kyverno/kyverno
(Go)
Mar 24, 2025
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource
Moderate
CVE-2025-24784
was published
for
github.com/kubewarden/kubewarden-controller
(Go)
Jan 30, 2025
CVE-2024-5138: snapd snapctl auth bypass
Moderate
CVE-2024-5138
was published
for
github.com/snapcore/snapd
(Go)
Jan 16, 2025
OpenFGA Authorization Bypass
Moderate
CVE-2024-56323
was published
for
github.com/openfga/openfga
(Go)
Jan 13, 2025
Harbor fails to validate the user permissions when updating a robot account
Moderate
CVE-2022-31667
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when updating tag immutability policies
Moderate
CVE-2022-31669
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Moderate
CVE-2024-46989
was published
for
github.com/authzed/spicedb
(Go)
Sep 18, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
Arbitrary File Override in Docker Engine
Moderate
CVE-2015-3631
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Kyverno resource with a deletionTimestamp may allow policy circumvention
Moderate
CVE-2023-34091
was published
for
github.com/kyverno/kyverno
(Go)
Jun 5, 2023
ProTip!
Advisories are also available from the
GraphQL API