Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

216 advisories

Loading
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
Steam Socialite Provider v1 does not correctly validate openid server Critical
GHSA-hhw9-35p2-q2c5 was published for socialiteproviders/steam (Composer) Jan 29, 2021
MadMikeyB
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue... Moderate Unreviewed
CVE-2022-22594 was published Mar 19, 2022
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL... High Unreviewed
CVE-2020-24772 was published Mar 22, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source... High Unreviewed
CVE-2021-32985 was published Apr 5, 2022
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking... High Unreviewed
CVE-2022-42927 was published Dec 22, 2022
An attacker could have abused XSLT error handling to associate attacker-controlled content with... Moderate Unreviewed
CVE-2022-38472 was published Dec 22, 2022
Kirby .dev domains and some reverse proxy setups were treated as local Moderate
CVE-2020-26253 was published for getkirby/cms (Composer) Jan 14, 2021
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality... High Unreviewed
CVE-2019-5036 was published May 24, 2022
Cookie and header exposure in twisted High
CVE-2022-21712 was published for twisted (pip) Feb 7, 2022
ranjit-git alex
twm
The authentication mechanism used by voters to activate a voting session on the tested version of... Moderate Unreviewed
CVE-2022-1747 was published Jun 25, 2022
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),... Moderate Unreviewed
CVE-2022-30228 was published Jun 15, 2022
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote... Moderate Unreviewed
CVE-2022-1497 was published Jul 27, 2022
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same... High Unreviewed
CVE-2016-5168 was published May 17, 2022
Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and... High Unreviewed
CVE-2022-23763 was published Jun 29, 2022
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause... High Unreviewed
CVE-2022-26137 was published Jul 21, 2022
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0... High Unreviewed
CVE-2016-8358 was published May 17, 2022
Zip4j Origin Validation Error Moderate
CVE-2023-22899 was published for net.lingala.zip4j:zip4j (Maven) Jan 10, 2023
0xSSA
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in... High Unreviewed
CVE-2018-6690 was published May 13, 2022
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can... High Unreviewed
CVE-2022-25227 was published May 21, 2022
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with... Moderate Unreviewed
CVE-2019-8282 was published May 24, 2022
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote... Moderate Unreviewed
CVE-2019-5834 was published May 24, 2022
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same... High Unreviewed
CVE-2019-8069 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API