GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,093
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,902
Maven 5,100
npm 3,631
NuGet 638
pip 3,246
Pub 10
RubyGems 863
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,442

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

216 advisories

Filter by severity

Sort by

Least recently updated

The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover... High Unreviewed

CVE-2018-6654 was published May 13, 2022

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which... High Unreviewed

CVE-2018-6764 was published May 13, 2022

A same-origin policy violation allowing the theft of cross-origin URL entries when using the... Moderate Unreviewed

CVE-2018-18494 was published May 14, 2022

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta... Moderate Unreviewed

CVE-2018-18499 was published May 14, 2022

EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates... High Unreviewed

CVE-2018-14903 was published May 14, 2022

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does... High Unreviewed

CVE-2016-9902 was published May 14, 2022

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active... Critical Unreviewed

CVE-2018-5116 was published May 14, 2022

Response header name interning does not have same-origin protections and these headers are stored... High Unreviewed

CVE-2017-7797 was published May 14, 2022

An audio capture session can started under an incorrect origin from the site making the capture... Moderate Unreviewed

CVE-2018-5109 was published May 14, 2022

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin... Critical Unreviewed

CVE-2017-13274 was published May 14, 2022

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links... Moderate Unreviewed

CVE-2017-1000455 was published May 14, 2022

gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy Critical

CVE-2017-20146 was published for github.com/gorilla/handlers (Go) Dec 28, 2022

Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman Moderate

CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) Jan 6, 2022

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource... Moderate Unreviewed

CVE-2022-23032 was published Jan 26, 2022

Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote... Moderate Unreviewed

CVE-2022-0113 was published Feb 13, 2022

Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote... Moderate Unreviewed

CVE-2022-0120 was published Feb 13, 2022

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a... Moderate Unreviewed

CVE-2022-0111 was published Feb 13, 2022

A vulnerability exists during the installation of add-ons where the initial fetch ignored the... High Unreviewed

CVE-2019-11723 was published May 24, 2022

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which... High Unreviewed

CVE-2009-1185 was published May 2, 2022

A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could... Critical Unreviewed

CVE-2019-15020 was published May 24, 2022

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to... Moderate Unreviewed

CVE-2022-45139 was published Feb 27, 2023

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the... Moderate Unreviewed

CVE-2020-12397 was published May 24, 2022

RubyGems has Origin Validation Error vulnerability High

CVE-2017-0902 was published for rubygems-update (RubyGems) May 13, 2022

code-server vulnerable to Missing Origin Validation in WebSockets Critical

CVE-2023-26114 was published for code-server (npm) Mar 23, 2023

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a... Moderate Unreviewed

CVE-2022-0108 was published Feb 13, 2022

Previous 1 2 3 4 5 6 7 8 9 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

216 advisories