GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
70 advisories
Filter by severity
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL...
High
Unreviewed
CVE-2020-24772
was published
Mar 22, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source...
High
Unreviewed
CVE-2021-32985
was published
Apr 5, 2022
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
High
Unreviewed
CVE-2022-29818
was published
Apr 29, 2022
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000,...
High
Unreviewed
CVE-2000-1218
was published
Apr 30, 2022
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which...
High
Unreviewed
CVE-2009-1185
was published
May 2, 2022
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware...
High
Unreviewed
CVE-2018-3834
was published
May 13, 2022
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of...
High
Unreviewed
CVE-2018-4319
was published
May 13, 2022
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms...
High
Unreviewed
CVE-2019-7399
was published
May 13, 2022
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,...
High
Unreviewed
CVE-2014-1487
was published
May 13, 2022
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the...
High
Unreviewed
CVE-2011-2856
was published
May 13, 2022
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in...
High
Unreviewed
CVE-2018-6690
was published
May 13, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request...
High
Unreviewed
CVE-2017-8793
was published
May 13, 2022
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover...
High
Unreviewed
CVE-2018-6654
was published
May 13, 2022
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which...
High
Unreviewed
CVE-2018-6764
was published
May 13, 2022
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates...
High
Unreviewed
CVE-2018-14903
was published
May 14, 2022
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does...
High
Unreviewed
CVE-2016-9902
was published
May 14, 2022
Response header name interning does not have same-origin protections and these headers are stored...
High
Unreviewed
CVE-2017-7797
was published
May 14, 2022
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same...
High
Unreviewed
CVE-2016-5168
was published
May 17, 2022
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0...
High
Unreviewed
CVE-2016-8358
was published
May 17, 2022
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can...
High
Unreviewed
CVE-2022-25227
was published
May 21, 2022
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content...
High
Unreviewed
CVE-2019-9803
was published
May 24, 2022
A vulnerability exists during the installation of add-ons where the initial fetch ignored the...
High
Unreviewed
CVE-2019-11723
was published
May 24, 2022
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality...
High
Unreviewed
CVE-2019-5036
was published
May 24, 2022
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep...
High
Unreviewed
CVE-2019-16235
was published
May 24, 2022
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep...
High
Unreviewed
CVE-2019-16237
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API