Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,715
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

119 advisories

Loading
An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2024-51037 was published Nov 15, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL... Moderate Unreviewed
CVE-2024-10460 was published Oct 29, 2024
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed... Moderate Unreviewed
CVE-2024-7978 was published Aug 21, 2024
Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed... Moderate Unreviewed
CVE-2022-4917 was published Jul 29, 2023
An attacker could have abused XSLT error handling to associate attacker-controlled content with... Moderate Unreviewed
CVE-2022-38472 was published Dec 22, 2022
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the... Moderate Unreviewed
CVE-2020-15652 was published May 24, 2022
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of... Moderate Unreviewed
CVE-2024-44187 was published Sep 17, 2024
There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate... Moderate Unreviewed
CVE-2024-22062 was published Jul 9, 2024
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent... Moderate Unreviewed
CVE-2023-5973 was published Apr 5, 2024
Lack of validation of origin in federation API in Conduit, allowing any remote server to... Moderate Unreviewed
CVE-2024-6301 was published Jun 25, 2024
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to... Moderate Unreviewed
CVE-2023-30996 was published Feb 26, 2024
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between... Moderate Unreviewed
CVE-2024-2182 was published Mar 12, 2024
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error Moderate
CVE-2018-20744 was published for github.com/gofiber/fiber/v2 (Go) May 14, 2022
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via... Moderate Unreviewed
CVE-2023-5718 was published Oct 23, 2023
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A... Moderate Unreviewed
CVE-2021-26737 was published Oct 23, 2023
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS... Moderate Unreviewed
CVE-2023-44190 was published Oct 12, 2023
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS... Moderate Unreviewed
CVE-2023-44189 was published Oct 12, 2023
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to... Moderate Unreviewed
CVE-2023-4045 was published Aug 1, 2023
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the... Moderate Unreviewed
CVE-2023-30949 was published Jul 26, 2023
In notification access permission dialog box, malicious application can embedded a very long... Moderate Unreviewed
CVE-2023-21260 was published Jul 13, 2023
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that... Moderate Unreviewed
CVE-2023-2639 was published Jun 13, 2023
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab... Moderate Unreviewed
CVE-2023-23601 was published Jun 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database