GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
216 advisories
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover...
High | Unreviewed | CVE-2018-6654 was published May 13, 2022
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which...
High | Unreviewed | CVE-2018-6764 was published May 13, 2022
A same-origin policy violation allowing the theft of cross-origin URL entries when using the...
Moderate | Unreviewed | CVE-2018-18494 was published May 14, 2022
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta...
Moderate | Unreviewed | CVE-2018-18499 was published May 14, 2022
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates...
High | Unreviewed | CVE-2018-14903 was published May 14, 2022
The Pocket toolbar button, once activated, listens for events fired from its own pages but does...
High | Unreviewed | CVE-2016-9902 was published May 14, 2022
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active...
Critical | Unreviewed | CVE-2018-5116 was published May 14, 2022
Response header name interning does not have same-origin protections and these headers are stored...
High | Unreviewed | CVE-2017-7797 was published May 14, 2022
An audio capture session can be started under an incorrect origin from the site making the capture...
Moderate | Unreviewed | CVE-2018-5109 was published May 14, 2022
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin...
Critical | Unreviewed | CVE-2017-13274 was published May 14, 2022
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links...
Moderate | Unreviewed | CVE-2017-1000455 was published May 14, 2022
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Critical | CVE-2017-20146 was published for github.com/gorilla/handlers (Go) Dec 28, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate | CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) Jan 6, 2022
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource...
Moderate | Unreviewed | CVE-2022-23032 was published Jan 26, 2022
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote...
Moderate | Unreviewed | CVE-2022-0113 was published Feb 13, 2022
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote...
Moderate | Unreviewed | CVE-2022-0120 was published Feb 13, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a...
Moderate | Unreviewed | CVE-2022-0111 was published Feb 13, 2022
A vulnerability exists during the installation of add-ons where the initial fetch ignored the...
High | Unreviewed | CVE-2019-11723 was published May 24, 2022
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which...
High | Unreviewed | CVE-2009-1185 was published May 2, 2022
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could...
Critical | Unreviewed | CVE-2019-15020 was published May 24, 2022
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to...
Moderate | Unreviewed | CVE-2022-45139 was published Feb 27, 2023
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the...
Moderate | Unreviewed | CVE-2020-12397 was published May 24, 2022
RubyGems has Origin Validation Error vulnerability
High | CVE-2017-0902 was published for rubygems-update (RubyGems) May 13, 2022
code-server vulnerable to Missing Origin Validation in WebSockets
Critical | CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a...
Moderate | Unreviewed | CVE-2022-0108 was published Feb 13, 2022