GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
15 advisories
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.
Critical | Unreviewed | CVE-2021-47157 was published Mar 18, 2024

A compromised content process could have allowed for the arbitrary loading of cross-origin pages....
Critical | Unreviewed | CVE-2024-9392 was published Oct 1, 2024

Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
Critical | Unreviewed | CVE-2024-41475 was published Aug 12, 2024

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and...
Critical | Unreviewed | CVE-2018-5409 was published May 24, 2022

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site...
Critical | Unreviewed | CVE-2023-0957 was published Jul 6, 2023

A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected...
Critical | Unreviewed | CVE-2014-125071 was published Jan 9, 2023

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to...
Critical | Unreviewed | CVE-2023-3654 was published Oct 3, 2023

A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could...
Critical | Unreviewed | CVE-2019-15020 was published May 24, 2022

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin...
Critical | Unreviewed | CVE-2017-13274 was published May 14, 2022

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active...
Critical | Unreviewed | CVE-2018-5116 was published May 14, 2022

The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications...
Critical | Unreviewed | CVE-2018-5400 was published May 13, 2022

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with...
Critical | Unreviewed | CVE-2017-6519 was published May 13, 2022

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS)...
Critical | Unreviewed | CVE-2021-39063 was published Dec 14, 2021

glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html...
Critical | Unreviewed | CVE-2021-44935 was published Dec 15, 2021

The vulnerability causing from insufficient verification procedures for downloaded files during...
Critical | Unreviewed | CVE-2022-23764 was published Aug 18, 2022

ProTip! Advisories are also available from the GraphQL API.