Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

216 advisories

Loading
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause... High Unreviewed
CVE-2022-26137 was published Jul 21, 2022
Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and... High Unreviewed
CVE-2022-23763 was published Jun 29, 2022
The authentication mechanism used by voters to activate a voting session on the tested version of... Moderate Unreviewed
CVE-2022-1747 was published Jun 25, 2022
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),... Moderate Unreviewed
CVE-2022-30228 was published Jun 15, 2022
A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension... Moderate Unreviewed
CVE-2019-1413 was published May 24, 2022
Through use of reportValidity() and window.open(), a plain-text validation message could have... Moderate Unreviewed
CVE-2021-38497 was published May 24, 2022
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54... Moderate Unreviewed
CVE-2021-37966 was published May 24, 2022
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote... Moderate Unreviewed
CVE-2021-37971 was published May 24, 2022
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar... High Unreviewed
CVE-2020-27969 was published May 24, 2022
Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a... Moderate Unreviewed
CVE-2021-30596 was published May 24, 2022
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur. High Unreviewed
CVE-2021-39270 was published May 24, 2022
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a... Moderate Unreviewed
CVE-2021-21229 was published May 24, 2022
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed... Moderate Unreviewed
CVE-2021-21211 was published May 24, 2022
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote... Moderate Unreviewed
CVE-2021-21209 was published May 24, 2022
The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server ... High Unreviewed
CVE-2021-31718 was published May 24, 2022
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS... Moderate Unreviewed
CVE-2021-28048 was published May 24, 2022
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate... Moderate Unreviewed
CVE-2020-15734 was published May 24, 2022
A malicious extension with the 'search' permission could have installed a new search engine whose... Moderate Unreviewed
CVE-2021-23986 was published May 24, 2022
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a... Moderate Unreviewed
CVE-2021-21183 was published May 24, 2022
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a... Moderate Unreviewed
CVE-2021-21184 was published May 24, 2022
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a... Moderate Unreviewed
CVE-2021-21175 was published May 24, 2022
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72... Moderate Unreviewed
CVE-2021-21164 was published May 24, 2022
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed... Moderate Unreviewed
CVE-2021-21163 was published May 24, 2022
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches... Moderate Unreviewed
CVE-2021-1231 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API