GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
216 advisories
Filter by severity
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep...
High
Unreviewed
CVE-2019-16235
was published
May 24, 2022
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep...
High
Unreviewed
CVE-2019-16237
was published
May 24, 2022
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality...
High
Unreviewed
CVE-2019-5036
was published
May 24, 2022
Images from a different domain can be read using a canvas object in some circumstances. This...
Moderate
Unreviewed
CVE-2019-9817
was published
May 24, 2022
A vulnerability exists during the installation of add-ons where the initial fetch ignored the...
High
Unreviewed
CVE-2019-11723
was published
May 24, 2022
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote...
Moderate
Unreviewed
CVE-2019-5834
was published
May 24, 2022
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with...
Moderate
Unreviewed
CVE-2019-8282
was published
May 24, 2022
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and...
Critical
Unreviewed
CVE-2018-5409
was published
May 24, 2022
If WebRTC permission is requested from documents with data: or blob: URLs, the permission...
Moderate
Unreviewed
CVE-2019-9808
was published
May 24, 2022
Cross-origin images can be read in violation of the same-origin policy by exporting an image...
Moderate
Unreviewed
CVE-2019-9797
was published
May 24, 2022
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content...
High
Unreviewed
CVE-2019-9803
was published
May 24, 2022
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can...
High
Unreviewed
CVE-2022-25227
was published
May 21, 2022
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0...
High
Unreviewed
CVE-2016-8358
was published
May 17, 2022
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same...
High
Unreviewed
CVE-2016-5168
was published
May 17, 2022
Origin Validation Error in Apache NiFi
High
CVE-2017-7667
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links...
Moderate
Unreviewed
CVE-2017-1000455
was published
May 14, 2022
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin...
Critical
Unreviewed
CVE-2017-13274
was published
May 14, 2022
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active...
Critical
Unreviewed
CVE-2018-5116
was published
May 14, 2022
An audio capture session can started under an incorrect origin from the site making the capture...
Moderate
Unreviewed
CVE-2018-5109
was published
May 14, 2022
Response header name interning does not have same-origin protections and these headers are stored...
High
Unreviewed
CVE-2017-7797
was published
May 14, 2022
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does...
High
Unreviewed
CVE-2016-9902
was published
May 14, 2022
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates...
High
Unreviewed
CVE-2018-14903
was published
May 14, 2022
Yii Incorrectly Implements CORS
Moderate
CVE-2018-20745
was published
for
yiisoft/yii2
(Composer)
May 14, 2022
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error
Moderate
CVE-2018-20744
was published
for
github.com/gofiber/fiber/v2
(Go)
May 14, 2022
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta...
Moderate
Unreviewed
CVE-2018-18499
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API