GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
Origin Validation Error in rdiffweb
Critical
CVE-2022-3457
was published
for
rdiffweb
(pip)
Oct 14, 2022
Cookie and header exposure in twisted
High
CVE-2022-21712
was published
for
Twisted
(pip)
Feb 7, 2022
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Moderate
CVE-2024-41926
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
Gradio's CORS origin validation accepts the null origin
Moderate
CVE-2024-47165
was published
for
gradio
(pip)
Oct 10, 2024
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Flowise Cors Misconfiguration in packages/server/src/index.ts
High
CVE-2024-36421
was published
for
flowise
(npm)
Aug 5, 2024
Classic builder cache poisoning
Moderate
CVE-2024-24557
was published
for
github.com/docker/docker
(Go)
Feb 1, 2024
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
High
CVE-2024-1249
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error
Moderate
CVE-2018-20744
was published
for
github.com/gofiber/fiber/v2
(Go)
May 14, 2022
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
High
CVE-2024-23898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Keycloak path traversal vulnerability in the redirect validation
High
CVE-2024-2419
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Phoenix before 1.6.14 mishandles check_origin wildcarding
High
CVE-2022-42975
was published
for
phoenix
(Erlang)
Oct 17, 2022
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Critical
CVE-2024-25124
was published
for
github.com/gofiber/fiber/v2
(Go)
Feb 22, 2024
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
High
CVE-2024-26135
was published
for
meshcentral
(npm)
Feb 21, 2024
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate
CVE-2023-2850
was published
for
nodebb
(npm)
Jul 25, 2023
Podman Origin Validation Error
Moderate
CVE-2021-20199
was published
for
github.com/containers/podman/v3
(Go)
May 18, 2021
CORS misconfiguration in socket.io
Moderate
CVE-2020-28481
was published
for
socket.io
(npm)
Jan 20, 2021
Yii Incorrectly Implements CORS
Moderate
CVE-2018-20745
was published
for
yiisoft/yii2
(Composer)
May 14, 2022
Origin Validation Error in Apache Maven
Critical
CVE-2021-26291
was published
for
org.apache.maven:maven-compat
(Maven)
Jun 16, 2021
CardGate Payments plugin for WooCommerce does not validate request origin
High
CVE-2020-8819
was published
for
cardgate/woocommerce
(Composer)
May 24, 2022
Leaking of user information on Cross-Domain communication in sysend
Moderate
CVE-2022-24762
was published
for
sysend
(npm)
Mar 14, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API