GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
231 advisories
Filter by severity
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Moderate
CVE-2019-11777
was published
for
org.eclipse.paho:org.eclipse.paho.client.mqttv3
(Maven)
Sep 17, 2019
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
User Impersonation in converse.js
Moderate
CVE-2017-5858
was published
for
converse.js
(npm)
Sep 11, 2020
Kirby .dev domains and some reverse proxy setups were treated as local
Moderate
CVE-2020-26253
was published
for
getkirby/cms
(Composer)
Jan 14, 2021
CORS misconfiguration in socket.io
Moderate
CVE-2020-28481
was published
for
socket.io
(npm)
Jan 20, 2021
Steam Socialite Provider v1 does not correctly validate openid server
Critical
GHSA-hhw9-35p2-q2c5
was published
for
socialiteproviders/steam
(Composer)
Jan 29, 2021
Podman Origin Validation Error
Moderate
CVE-2021-20199
was published
for
github.com/containers/podman/v3
(Go)
May 18, 2021
Origin Validation Error in Apache Maven
Critical
CVE-2021-26291
was published
for
org.apache.maven:maven-compat
(Maven)
Jun 16, 2021
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Default CORS config allows any origin with credentials
Critical
CVE-2021-39185
was published
for
org.http4s:http4s-server
(Maven)
Sep 2, 2021
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Origin Validation Error in Magento 2
High
CVE-2020-8818
was published
for
cardgate/magento2
(Composer)
Oct 12, 2021
When a user loaded a Web Extensions context menu, the Web Extension could access the post...
Moderate
Unreviewed
CVE-2021-43531
was published
Dec 9, 2021
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently...
Moderate
Unreviewed
CVE-2021-38507
was published
Dec 9, 2021
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS)...
Critical
Unreviewed
CVE-2021-39063
was published
Dec 14, 2021
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html...
Critical
Unreviewed
CVE-2021-44935
was published
Dec 15, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate
CVE-2021-4024
was published
for
github.com/containers/podman/v3
(Go)
Jan 6, 2022
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource...
Moderate
Unreviewed
CVE-2022-23032
was published
Jan 26, 2022
Cookie and header exposure in twisted
High
CVE-2022-21712
was published
for
Twisted
(pip)
Feb 7, 2022
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote...
Moderate
Unreviewed
CVE-2022-0120
was published
Feb 13, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a...
Moderate
Unreviewed
CVE-2022-0111
was published
Feb 13, 2022
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote...
Moderate
Unreviewed
CVE-2022-0113
was published
Feb 13, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a...
Moderate
Unreviewed
CVE-2022-0108
was published
Feb 13, 2022
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not...
Moderate
Unreviewed
CVE-2022-25146
was published
Mar 4, 2022
ProTip!
Advisories are also available from the
GraphQL API