Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

233 advisories

Loading
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library Moderate
CVE-2019-11777 was published for org.eclipse.paho:org.eclipse.paho.client.mqttv3 (Maven) Sep 17, 2019
Backend Same-Site Request Forgery in TYPO3 CMS High
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
ohader
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
Kirby .dev domains and some reverse proxy setups were treated as local Moderate
CVE-2020-26253 was published for getkirby/cms (Composer) Jan 14, 2021
CORS misconfiguration in socket.io Moderate
CVE-2020-28481 was published for socket.io (npm) Jan 20, 2021
Steam Socialite Provider v1 does not correctly validate openid server Critical
GHSA-hhw9-35p2-q2c5 was published for socialiteproviders/steam (Composer) Jan 29, 2021
MadMikeyB
Podman Origin Validation Error Moderate
CVE-2021-20199 was published for github.com/containers/podman/v3 (Go) May 18, 2021
Origin Validation Error in Apache Maven Critical
CVE-2021-26291 was published for org.apache.maven:maven-compat (Maven) Jun 16, 2021
joshbressers
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Default CORS config allows any origin with credentials Critical
CVE-2021-39185 was published for org.http4s:http4s-server (Maven) Sep 2, 2021
bplommer
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Origin Validation Error in Magento 2 High
CVE-2020-8818 was published for cardgate/magento2 (Composer) Oct 12, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman Moderate
CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) Jan 6, 2022
Cookie and header exposure in twisted High
CVE-2022-21712 was published for Twisted (pip) Feb 7, 2022
ranjit-git alex
twm
ProTip! Advisories are also available from the GraphQL API