GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
A compromised content process could have allowed for the arbitrary loading of cross-origin pages....
Critical
Unreviewed
CVE-2024-9392
was published
Oct 1, 2024
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
Critical
Unreviewed
CVE-2024-41475
was published
Aug 12, 2024
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.
Critical
Unreviewed
CVE-2021-47157
was published
Mar 18, 2024
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Critical
CVE-2024-25124
was published
for
github.com/gofiber/fiber/v2
(Go)
Feb 22, 2024
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to...
Critical
Unreviewed
CVE-2023-3654
was published
Oct 3, 2023
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site...
Critical
Unreviewed
CVE-2023-0957
was published
Jul 6, 2023
code-server vulnerable to Missing Origin Validation in WebSockets
Critical
CVE-2023-26114
was published
for
code-server
(npm)
Mar 23, 2023
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected...
Critical
Unreviewed
CVE-2014-125071
was published
Jan 9, 2023
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Critical
CVE-2017-20146
was published
for
github.com/gorilla/handlers
(Go)
Dec 28, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
Origin Validation Error in rdiffweb
Critical
CVE-2022-3457
was published
for
rdiffweb
(pip)
Oct 14, 2022
The vulnerability causing from insufficient verification procedures for downloaded files during...
Critical
Unreviewed
CVE-2022-23764
was published
Aug 18, 2022
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could...
Critical
Unreviewed
CVE-2019-15020
was published
May 24, 2022
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and...
Critical
Unreviewed
CVE-2018-5409
was published
May 24, 2022
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin...
Critical
Unreviewed
CVE-2017-13274
was published
May 14, 2022
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active...
Critical
Unreviewed
CVE-2018-5116
was published
May 14, 2022
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications...
Critical
Unreviewed
CVE-2018-5400
was published
May 13, 2022
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with...
Critical
Unreviewed
CVE-2017-6519
was published
May 13, 2022
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html...
Critical
Unreviewed
CVE-2021-44935
was published
Dec 15, 2021
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS)...
Critical
Unreviewed
CVE-2021-39063
was published
Dec 14, 2021
Default CORS config allows any origin with credentials
Critical
CVE-2021-39185
was published
for
org.http4s:http4s-server
(Maven)
Sep 2, 2021
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Origin Validation Error in Apache Maven
Critical
CVE-2021-26291
was published
for
org.apache.maven:maven-compat
(Maven)
Jun 16, 2021
Steam Socialite Provider v1 does not correctly validate openid server
Critical
GHSA-hhw9-35p2-q2c5
was published
for
socialiteproviders/steam
(Composer)
Jan 29, 2021
ProTip!
Advisories are also available from the
GraphQL API