Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

80 advisories

Loading
While copying individual autoupdater log files, reparse point check was missing which could... High Unreviewed
CVE-2024-23458 was published Aug 6, 2024
Flowise Cors Misconfiguration in packages/server/src/index.ts High
CVE-2024-36421 was published for flowise (npm) Aug 5, 2024
Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e... High Unreviewed
CVE-2024-41143 was published Jul 29, 2024
Origin Validation Error in GitHub repository stitionai/devika prior to -. High Unreviewed
CVE-2024-5549 was published Jul 9, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2024-36302 was published Jun 11, 2024
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client ... High Unreviewed
CVE-2024-28883 was published May 8, 2024
A vulnerability exists in the too permissive HTTP response header web server settings of the... High Unreviewed
CVE-2024-2377 was published Apr 30, 2024
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS High
CVE-2024-1249 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
Keycloak path traversal vulnerability in the redirect validation High
CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability High
CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker... High Unreviewed
CVE-2023-40547 was published Jan 25, 2024
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI High
CVE-2024-23898 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47199 was published Jan 23, 2024
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent... High Unreviewed
CVE-2023-47200 was published Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47197 was published Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47195 was published Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47193 was published Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47196 was published Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47194 was published Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47198 was published Jan 23, 2024
Overly permissive origin policy High
CVE-2023-49803 was published for @koa/cors (npm) Dec 11, 2023
PawelJ-PL
The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted... High Unreviewed
CVE-2021-26735 was published Oct 23, 2023
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of... High Unreviewed
CVE-2023-28795 was published Oct 23, 2023
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This... High Unreviewed
CVE-2023-2848 was published Sep 14, 2023
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The... High Unreviewed
CVE-2023-29505 was published Aug 4, 2023
ProTip! Advisories are also available from the GraphQL API