GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
Origin Validation Error in Apache NiFi High
CVE-2017-7667 was published for org.apache.nifi:nifi (Maven) May 17, 2022
Origin Validation Error in Magento 2 High
CVE-2020-8818 was published for cardgate/magento2 (Composer) Oct 12, 2021
RubyGems has Origin Validation Error vulnerability High
CVE-2017-0902 was published for rubygems-update (RubyGems) May 13, 2022
HashiCorp Consul vulnerable to Origin Validation Error High
CVE-2019-9764 was published for github.com/hashicorp/consul (Go) May 13, 2022
CardGate Payments plugin for WooCommerce does not validate request origin High
CVE-2020-8819 was published for cardgate/woocommerce (Composer) May 24, 2022
Overly permissive origin policy High
CVE-2023-49803 was published for @koa/cors (npm) Dec 11, 2023
PawelJ-PL
Backend Same-Site Request Forgery in TYPO3 CMS High
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
ohader
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability High
CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024
Phoenix before 1.6.14 mishandles check_origin wildcarding High
CVE-2022-42975 was published for phoenix (Erlang) Oct 17, 2022
maennchen
Keycloak path traversal vulnerability in the redirect validation High
CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI High
CVE-2024-23898 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS High
CVE-2024-1249 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
Flowise Cors Misconfiguration in packages/server/src/index.ts High
CVE-2024-36421 was published for flowise (npm) Aug 5, 2024
Gradio's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Cookie and header exposure in twisted High
CVE-2022-21712 was published for Twisted (pip) Feb 7, 2022
ranjit-git alex
twm