Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

231 advisories

Loading
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle... Moderate Unreviewed
CVE-2011-3956 was published May 13, 2022
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with... Critical Unreviewed
CVE-2017-6519 was published May 13, 2022
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the... High Unreviewed
CVE-2011-2856 was published May 13, 2022
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1,... Moderate Unreviewed
CVE-2012-4193 was published May 13, 2022
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,... High Unreviewed
CVE-2014-1487 was published May 13, 2022
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS)... Critical Unreviewed
CVE-2021-39063 was published Dec 14, 2021
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla... Moderate Unreviewed
CVE-2014-1502 was published May 13, 2022
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms... High Unreviewed
CVE-2019-7399 was published May 13, 2022
When a user loaded a Web Extensions context menu, the Web Extension could access the post... Moderate Unreviewed
CVE-2021-43531 was published Dec 9, 2021
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html... Critical Unreviewed
CVE-2021-44935 was published Dec 15, 2021
Origin Validation Error in Magento 2 High
CVE-2020-8818 was published for cardgate/magento2 (Composer) Oct 12, 2021
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of... Moderate Unreviewed
CVE-2018-8235 was published May 13, 2022
Default CORS config allows any origin with credentials Critical
CVE-2021-39185 was published for org.http4s:http4s-server (Maven) Sep 2, 2021
bplommer
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of... Moderate Unreviewed
CVE-2018-8112 was published May 13, 2022
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of... High Unreviewed
CVE-2018-4319 was published May 13, 2022
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially... Moderate Unreviewed
CVE-2017-5646 was published May 13, 2022
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a... Moderate Unreviewed
CVE-2019-5773 was published May 13, 2022
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library Moderate
CVE-2019-11777 was published for org.eclipse.paho:org.eclipse.paho.client.mqttv3 (Maven) Sep 17, 2019
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware... High Unreviewed
CVE-2018-3834 was published May 13, 2022
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not... Moderate Unreviewed
CVE-2022-25146 was published Mar 4, 2022
The vulnerability causing from insufficient verification procedures for downloaded files during... Critical Unreviewed
CVE-2022-23764 was published Aug 18, 2022
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker... Moderate Unreviewed
CVE-2019-13740 was published May 24, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could... Moderate Unreviewed
CVE-2022-40140 was published Sep 20, 2022
Through use of reportValidity() and window.open(), a plain-text validation message could have... Moderate Unreviewed
CVE-2021-38497 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database