Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

233 advisories

Loading
If WebRTC permission is requested from documents with data: or blob: URLs, the permission... Moderate Unreviewed
CVE-2019-9808 was published May 24, 2022
Cross-origin images can be read in violation of the same-origin policy by exporting an image... Moderate Unreviewed
CVE-2019-9797 was published May 24, 2022
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content... High Unreviewed
CVE-2019-9803 was published May 24, 2022
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can... High Unreviewed
CVE-2022-25227 was published May 21, 2022
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0... High Unreviewed
CVE-2016-8358 was published May 17, 2022
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same... High Unreviewed
CVE-2016-5168 was published May 17, 2022
Origin Validation Error in Apache NiFi High
CVE-2017-7667 was published for org.apache.nifi:nifi (Maven) May 17, 2022
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links... Moderate Unreviewed
CVE-2017-1000455 was published May 14, 2022
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin... Critical Unreviewed
CVE-2017-13274 was published May 14, 2022
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active... Critical Unreviewed
CVE-2018-5116 was published May 14, 2022
An audio capture session can started under an incorrect origin from the site making the capture... Moderate Unreviewed
CVE-2018-5109 was published May 14, 2022
Response header name interning does not have same-origin protections and these headers are stored... High Unreviewed
CVE-2017-7797 was published May 14, 2022
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does... High Unreviewed
CVE-2016-9902 was published May 14, 2022
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates... High Unreviewed
CVE-2018-14903 was published May 14, 2022
Yii Incorrectly Implements CORS Moderate
CVE-2018-20745 was published for yiisoft/yii2 (Composer) May 14, 2022
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error Moderate
CVE-2018-20744 was published for github.com/gofiber/fiber/v2 (Go) May 14, 2022
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta... Moderate Unreviewed
CVE-2018-18499 was published May 14, 2022
A same-origin policy violation allowing the theft of cross-origin URL entries when using the... Moderate Unreviewed
CVE-2018-18494 was published May 14, 2022
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which... High Unreviewed
CVE-2018-6764 was published May 13, 2022
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover... High Unreviewed
CVE-2018-6654 was published May 13, 2022
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81... Moderate Unreviewed
CVE-2018-16072 was published May 13, 2022
The internal WebBrowserPersist code does not use correct origin context for a resource being... Moderate Unreviewed
CVE-2018-12402 was published May 13, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request... High Unreviewed
CVE-2017-8793 was published May 13, 2022
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature... Moderate Unreviewed
CVE-2017-8650 was published May 13, 2022
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows... Moderate Unreviewed
CVE-2017-8523 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database