GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
231 advisories
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a...
Moderate
Unreviewed
CVE-2023-5859
was published
Nov 1, 2023
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote...
Moderate
Unreviewed
CVE-2023-5853
was published
Nov 1, 2023
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed...
Moderate
Unreviewed
CVE-2023-5858
was published
Nov 1, 2023
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a...
Moderate
Unreviewed
CVE-2023-5851
was published
Nov 1, 2023
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of...
High
Unreviewed
CVE-2023-28795
was published
Oct 23, 2023
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A...
Moderate
Unreviewed
CVE-2021-26737
was published
Oct 23, 2023
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via...
Moderate
Unreviewed
CVE-2023-5718
was published
Oct 23, 2023
The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted...
High
Unreviewed
CVE-2021-26735
was published
Oct 23, 2023
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS...
Moderate
Unreviewed
CVE-2023-44190
was published
Oct 12, 2023
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS...
Moderate
Unreviewed
CVE-2023-44189
was published
Oct 12, 2023
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to...
Critical
Unreviewed
CVE-2023-3654
was published
Oct 3, 2023
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This...
High
Unreviewed
CVE-2023-2848
was published
Sep 14, 2023
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The...
High
Unreviewed
CVE-2023-29505
was published
Aug 4, 2023
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to...
Moderate
Unreviewed
CVE-2023-4045
was published
Aug 1, 2023
Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed...
Moderate
Unreviewed
CVE-2022-4917
was published
Jul 29, 2023
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the...
Moderate
Unreviewed
CVE-2023-30949
was published
Jul 26, 2023
Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate
CVE-2023-2850
was published
for
nodebb
(npm)
Jul 25, 2023
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM...
High
Unreviewed
CVE-2023-3581
was published
Jul 17, 2023
In the notification access permission dialog box, a malicious application can embed a very long...
Moderate
Unreviewed
CVE-2023-21260
was published
Jul 13, 2023
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site...
Critical
Unreviewed
CVE-2023-0957
was published
Jul 6, 2023
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that...
Moderate
Unreviewed
CVE-2023-2639
was published
Jun 13, 2023
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab...
Moderate
Unreviewed
CVE-2023-23601
was published
Jun 2, 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker...
High
Unreviewed
CVE-2023-28349
was published
May 31, 2023
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via...
Moderate
Unreviewed
CVE-2023-2886
was published
May 25, 2023
code-server vulnerable to Missing Origin Validation in WebSockets
Critical
CVE-2023-26114
was published
for
code-server
(npm)
Mar 23, 2023