Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of... High Unreviewed
CVE-2018-4319 was published May 13, 2022
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware... High Unreviewed
CVE-2018-3834 was published May 13, 2022
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which... High Unreviewed
CVE-2009-1185 was published May 2, 2022
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000,... High Unreviewed
CVE-2000-1218 was published Apr 30, 2022
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed High Unreviewed
CVE-2022-29818 was published Apr 29, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source... High Unreviewed
CVE-2021-32985 was published Apr 5, 2022
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL... High Unreviewed
CVE-2020-24772 was published Mar 22, 2022
Cookie and header exposure in twisted High
CVE-2022-21712 was published for Twisted (pip) Feb 7, 2022
ranjit-git alex
twm
Origin Validation Error in Magento 2 High
CVE-2020-8818 was published for cardgate/magento2 (Composer) Oct 12, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
Backend Same-Site Request Forgery in TYPO3 CMS High
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
ohader
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database