Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

216 advisories

Loading
An attacker could have abused XSLT error handling to associate attacker-controlled content with... Moderate Unreviewed
CVE-2022-38472 was published Dec 22, 2022
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy Critical
CVE-2017-20146 was published for github.com/gorilla/handlers (Go) Dec 28, 2022
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected... Critical Unreviewed
CVE-2014-125071 was published Jan 9, 2023
Zip4j Origin Validation Error Moderate
CVE-2023-22899 was published for net.lingala.zip4j:zip4j (Maven) Jan 10, 2023
0xSSA
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to... Moderate Unreviewed
CVE-2022-45139 was published Feb 27, 2023
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via... Moderate Unreviewed
CVE-2023-2886 was published May 25, 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker... High Unreviewed
CVE-2023-28349 was published May 31, 2023
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab... Moderate Unreviewed
CVE-2023-23601 was published Jun 2, 2023
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that... Moderate Unreviewed
CVE-2023-2639 was published Jun 13, 2023
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site... Critical Unreviewed
CVE-2023-0957 was published Jul 6, 2023
In notification access permission dialog box, malicious application can embedded a very long... Moderate Unreviewed
CVE-2023-21260 was published Jul 13, 2023
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM... High Unreviewed
CVE-2023-3581 was published Jul 17, 2023
Unintentional leakage of private information via cross-origin websocket session hijacking Moderate
CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023
mowzk barisusakli
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the... Moderate Unreviewed
CVE-2023-30949 was published Jul 26, 2023
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to... Moderate Unreviewed
CVE-2023-4045 was published Aug 1, 2023
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The... High Unreviewed
CVE-2023-29505 was published Aug 4, 2023
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This... High Unreviewed
CVE-2023-2848 was published Sep 14, 2023
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to... Critical Unreviewed
CVE-2023-3654 was published Oct 3, 2023
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS... Moderate Unreviewed
CVE-2023-44189 was published Oct 12, 2023
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS... Moderate Unreviewed
CVE-2023-44190 was published Oct 12, 2023
The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted... High Unreviewed
CVE-2021-26735 was published Oct 23, 2023
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A... Moderate Unreviewed
CVE-2021-26737 was published Oct 23, 2023
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of... High Unreviewed
CVE-2023-28795 was published Oct 23, 2023
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via... Moderate Unreviewed
CVE-2023-5718 was published Oct 23, 2023
ProTip! Advisories are also available from the GraphQL API