Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,015
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

120 advisories

Loading
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows... Moderate Unreviewed
CVE-2017-8530 was published May 13, 2022
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows... Moderate Unreviewed
CVE-2017-8523 was published May 13, 2022
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature... Moderate Unreviewed
CVE-2017-8650 was published May 13, 2022
The internal WebBrowserPersist code does not use correct origin context for a resource being... Moderate Unreviewed
CVE-2018-12402 was published May 13, 2022
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81... Moderate Unreviewed
CVE-2018-16072 was published May 13, 2022
A same-origin policy violation allowing the theft of cross-origin URL entries when using the... Moderate Unreviewed
CVE-2018-18494 was published May 14, 2022
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta... Moderate Unreviewed
CVE-2018-18499 was published May 14, 2022
An audio capture session can started under an incorrect origin from the site making the capture... Moderate Unreviewed
CVE-2018-5109 was published May 14, 2022
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links... Moderate Unreviewed
CVE-2017-1000455 was published May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman Moderate
CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) Jan 6, 2022
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource... Moderate Unreviewed
CVE-2022-23032 was published Jan 26, 2022
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote... Moderate Unreviewed
CVE-2022-0113 was published Feb 13, 2022
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote... Moderate Unreviewed
CVE-2022-0120 was published Feb 13, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a... Moderate Unreviewed
CVE-2022-0111 was published Feb 13, 2022
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to... Moderate Unreviewed
CVE-2022-45139 was published Feb 27, 2023
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the... Moderate Unreviewed
CVE-2020-12397 was published May 24, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a... Moderate Unreviewed
CVE-2022-0108 was published Feb 13, 2022
Temi firmware 20190419.165201 does not properly verify that the source of data or communication... Moderate Unreviewed
CVE-2020-16168 was published May 24, 2022
Leaking of user information on Cross-Domain communication in sysend Moderate
CVE-2022-24762 was published for sysend (npm) Mar 14, 2022
Yii Incorrectly Implements CORS Moderate
CVE-2018-20745 was published for yiisoft/yii2 (Composer) May 14, 2022
CORS misconfiguration in socket.io Moderate
CVE-2020-28481 was published for socket.io (npm) Jan 20, 2021
Podman Origin Validation Error Moderate
CVE-2021-20199 was published for github.com/containers/podman/v3 (Go) May 18, 2021
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse... Moderate Unreviewed
CVE-2023-28794 was published Nov 6, 2023
Unintentional leakage of private information via cross-origin websocket session hijacking Moderate
CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023
mowzk barisusakli
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via... Moderate Unreviewed
CVE-2023-2886 was published May 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database