Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

230 advisories

Loading
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates... High Unreviewed
CVE-2018-14903 was published May 14, 2022
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does... High Unreviewed
CVE-2016-9902 was published May 14, 2022
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active... Critical Unreviewed
CVE-2018-5116 was published May 14, 2022
Response header name interning does not have same-origin protections and these headers are stored... High Unreviewed
CVE-2017-7797 was published May 14, 2022
An audio capture session can started under an incorrect origin from the site making the capture... Moderate Unreviewed
CVE-2018-5109 was published May 14, 2022
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin... Critical Unreviewed
CVE-2017-13274 was published May 14, 2022
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links... Moderate Unreviewed
CVE-2017-1000455 was published May 14, 2022
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy Critical
CVE-2017-20146 was published for github.com/gorilla/handlers (Go) Dec 28, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman Moderate
CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) Jan 6, 2022
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource... Moderate Unreviewed
CVE-2022-23032 was published Jan 26, 2022
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote... Moderate Unreviewed
CVE-2022-0113 was published Feb 13, 2022
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote... Moderate Unreviewed
CVE-2022-0120 was published Feb 13, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a... Moderate Unreviewed
CVE-2022-0111 was published Feb 13, 2022
A vulnerability exists during the installation of add-ons where the initial fetch ignored the... High Unreviewed
CVE-2019-11723 was published May 24, 2022
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which... High Unreviewed
CVE-2009-1185 was published May 2, 2022
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could... Critical Unreviewed
CVE-2019-15020 was published May 24, 2022
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to... Moderate Unreviewed
CVE-2022-45139 was published Feb 27, 2023
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the... Moderate Unreviewed
CVE-2020-12397 was published May 24, 2022
RubyGems has Origin Validation Error vulnerability High
CVE-2017-0902 was published for rubygems-update (RubyGems) May 13, 2022
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a... Moderate Unreviewed
CVE-2022-0108 was published Feb 13, 2022
Temi firmware 20190419.165201 does not properly verify that the source of data or communication... Moderate Unreviewed
CVE-2020-16168 was published May 24, 2022
HashiCorp Consul vulnerable to Origin Validation Error High
CVE-2019-9764 was published for github.com/hashicorp/consul (Go) May 13, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF Critical
CVE-2022-41924 was published for tailscale.com (Go) Nov 21, 2022
emilytrau JJJollyjim
hod-alpert
Leaking of user information on Cross-Domain communication in sysend Moderate
CVE-2022-24762 was published for sysend (npm) Mar 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database