GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+

216 advisories

undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low | CVE-2022-31151 was published for undici (npm) | Jul 21, 2022

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause...
High | Unreviewed | CVE-2022-26137 was published | Jul 21, 2022

Origin validation error vulnerability in NeoRS’s ActiveX module allows attackers to download and...
High | Unreviewed | CVE-2022-23763 was published | Jun 29, 2022

The authentication mechanism used by voters to activate a voting session on the tested version of...
Moderate | Unreviewed | CVE-2022-1747 was published | Jun 25, 2022

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),...
Moderate | Unreviewed | CVE-2022-30228 was published | Jun 15, 2022

A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension...
Moderate | Unreviewed | CVE-2019-1413 was published | May 24, 2022

Through use of reportValidity() and window.open(), a plain-text validation message could have...
Moderate | Unreviewed | CVE-2021-38497 was published | May 24, 2022

Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54...
Moderate | Unreviewed | CVE-2021-37966 was published | May 24, 2022

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote...
Moderate | Unreviewed | CVE-2021-37971 was published | May 24, 2022

Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar...
High | Unreviewed | CVE-2020-27969 was published | May 24, 2022

Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a...
Moderate | Unreviewed | CVE-2021-30596 was published | May 24, 2022

In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.
High | Unreviewed | CVE-2021-39270 was published | May 24, 2022

Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a...
Moderate | Unreviewed | CVE-2021-21229 was published | May 24, 2022

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed...
Moderate | Unreviewed | CVE-2021-21211 was published | May 24, 2022

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote...
Moderate | Unreviewed | CVE-2021-21209 was published | May 24, 2022

The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server ...
High | Unreviewed | CVE-2021-31718 was published | May 24, 2022

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS...
Moderate | Unreviewed | CVE-2021-28048 was published | May 24, 2022

An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate...
Moderate | Unreviewed | CVE-2020-15734 was published | May 24, 2022

A malicious extension with the 'search' permission could have installed a new search engine whose...
Moderate | Unreviewed | CVE-2021-23986 was published | May 24, 2022

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a...
Moderate | Unreviewed | CVE-2021-21183 was published | May 24, 2022

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a...
Moderate | Unreviewed | CVE-2021-21184 was published | May 24, 2022

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a...
Moderate | Unreviewed | CVE-2021-21175 was published | May 24, 2022

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72...
Moderate | Unreviewed | CVE-2021-21164 was published | May 24, 2022

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed...
Moderate | Unreviewed | CVE-2021-21163 was published | May 24, 2022

A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches...
Moderate | Unreviewed | CVE-2021-1231 was published | May 24, 2022

ProTip! Advisories are also available from the GraphQL API.