GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
21,898 advisories
Directus's webhook trigger flows can leak sensitive data
High
CVE-2025-30353
was published
for
directus
(npm)
Mar 26, 2025
Directus `search` query parameter allows enumeration of non permitted fields
Moderate
CVE-2025-30352
was published
for
directus
(npm)
Mar 26, 2025
Directus's S3 assets become unavailable after a burst of HEAD requests
Moderate
CVE-2025-30350
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
Directus's S3 assets become unavailable after a burst of malformed transformations
Moderate
CVE-2025-30225
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
Frappe has possibility of SQL injection due to improper validations
Moderate
CVE-2025-30217
was published
for
frappe
(pip)
Mar 26, 2025
Vite bypasses server.fs.deny when using ?raw??
Moderate
CVE-2025-30208
was published
for
vite
(npm)
Mar 25, 2025
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
High
CVE-2025-1097
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
ingress-nginx controller - configuration injection via unsanitized mirror annotations
High
CVE-2025-1098
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
ingress-nginx admission controller RCE escalation
Critical
CVE-2025-1974
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
ingress-nginx controller - auth secret file path traversal vulnerability
Moderate
CVE-2025-24513
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
ingress-nginx controller - configuration injection via unsanitized auth-url annotation
High
CVE-2025-24514
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
ProTip!
Advisories are also available from the
GraphQL API