GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Origin Validation Error in Magento 2
High
CVE-2020-8818
was published
for
cardgate/magento2
(Composer)
Oct 12, 2021
Cookie and header exposure in twisted
High
CVE-2022-21712
was published
for
Twisted
(pip)
Feb 7, 2022
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL...
High
Unreviewed
CVE-2020-24772
was published
Mar 22, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source...
High
Unreviewed
CVE-2021-32985
was published
Apr 5, 2022
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
High
Unreviewed
CVE-2022-29818
was published
Apr 29, 2022
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000,...
High
Unreviewed
CVE-2000-1218
was published
Apr 30, 2022
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which...
High
Unreviewed
CVE-2009-1185
was published
May 2, 2022
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware...
High
Unreviewed
CVE-2018-3834
was published
May 13, 2022
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of...
High
Unreviewed
CVE-2018-4319
was published
May 13, 2022
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms...
High
Unreviewed
CVE-2019-7399
was published
May 13, 2022
HashiCorp Consul vulnerable to Origin Validation Error
High
CVE-2019-9764
was published
for
github.com/hashicorp/consul
(Go)
May 13, 2022
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,...
High
Unreviewed
CVE-2014-1487
was published
May 13, 2022
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the...
High
Unreviewed
CVE-2011-2856
was published
May 13, 2022
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in...
High
Unreviewed
CVE-2018-6690
was published
May 13, 2022
RubyGems has Origin Validation Error vulnerability
High
CVE-2017-0902
was published
for
rubygems-update
(RubyGems)
May 13, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request...
High
Unreviewed
CVE-2017-8793
was published
May 13, 2022
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover...
High
Unreviewed
CVE-2018-6654
was published
May 13, 2022
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which...
High
Unreviewed
CVE-2018-6764
was published
May 13, 2022
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates...
High
Unreviewed
CVE-2018-14903
was published
May 14, 2022
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does...
High
Unreviewed
CVE-2016-9902
was published
May 14, 2022
Response header name interning does not have same-origin protections and these headers are stored...
High
Unreviewed
CVE-2017-7797
was published
May 14, 2022
Origin Validation Error in Apache NiFi
High
CVE-2017-7667
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API