Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

216 advisories

Loading
Leaking of user information on Cross-Domain communication in sysend Moderate
CVE-2022-24762 was published for sysend (npm) Mar 14, 2022
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue... Moderate Unreviewed
CVE-2022-22594 was published Mar 19, 2022
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL... High Unreviewed
CVE-2020-24772 was published Mar 22, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source... High Unreviewed
CVE-2021-32985 was published Apr 5, 2022
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed High Unreviewed
CVE-2022-29818 was published Apr 29, 2022
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which... Moderate Unreviewed
CVE-2003-0981 was published Apr 29, 2022
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a... Moderate Unreviewed
CVE-1999-1549 was published Apr 30, 2022
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000,... High Unreviewed
CVE-2000-1218 was published Apr 30, 2022
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received... Moderate Unreviewed
CVE-2001-1452 was published Apr 30, 2022
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that... Moderate Unreviewed
CVE-2005-0877 was published May 1, 2022
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which... High Unreviewed
CVE-2009-1185 was published May 2, 2022
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware... High Unreviewed
CVE-2018-3834 was published May 13, 2022
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a... Moderate Unreviewed
CVE-2019-5773 was published May 13, 2022
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially... Moderate Unreviewed
CVE-2017-5646 was published May 13, 2022
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of... High Unreviewed
CVE-2018-4319 was published May 13, 2022
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of... Moderate Unreviewed
CVE-2018-8112 was published May 13, 2022
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of... Moderate Unreviewed
CVE-2018-8235 was published May 13, 2022
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms... High Unreviewed
CVE-2019-7399 was published May 13, 2022
HashiCorp Consul vulnerable to Origin Validation Error High
CVE-2019-9764 was published for github.com/hashicorp/consul (Go) May 13, 2022
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1,... Moderate Unreviewed
CVE-2012-4193 was published May 13, 2022
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla... Moderate Unreviewed
CVE-2014-1502 was published May 13, 2022
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,... High Unreviewed
CVE-2014-1487 was published May 13, 2022
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with... Critical Unreviewed
CVE-2017-6519 was published May 13, 2022
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the... High Unreviewed
CVE-2011-2856 was published May 13, 2022
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle... Moderate Unreviewed
CVE-2011-3956 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API