Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox <... Critical Unreviewed
CVE-2026-2790 was published Feb 24, 2026
Apache Camel: KeycloakSecurityPolicy does not validate issuer of JWT tokens against configured realm Critical
CVE-2026-23552 was published for org.apache.camel:camel-keycloak (Maven) Feb 23, 2026
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it... Critical Unreviewed
CVE-2025-67825 was published Jan 8, 2026
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in... Critical Unreviewed
CVE-2025-63388 was published Dec 18, 2025
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in... Critical Unreviewed
CVE-2025-63386 was published Dec 18, 2025
Langflow CORS misconfiguration enables Account Takeover and RCE Critical
CVE-2025-34291 was published for langflow (pip) Dec 6, 2025
augustocesarperin Credited to augustocesarperin
SillyTavern Web Interface Vulnerable DNS Rebinding Critical
CVE-2025-59159 was published for sillytavern (npm) Oct 6, 2025
Atom1cByte Credited to Atom1cByte
This issue was addressed through improved state management. This issue is fixed in Safari 18.4,... Critical Unreviewed
CVE-2025-30466 was published May 30, 2025
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions below... Critical Unreviewed
CVE-2025-3651 was published Apr 17, 2025
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui... Critical Unreviewed
CVE-2024-11045 was published Mar 20, 2025
A compromised content process could have allowed for the arbitrary loading of cross-origin pages.... Critical Unreviewed
CVE-2024-9392 was published Oct 1, 2024
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. Critical Unreviewed
CVE-2024-41475 was published Aug 12, 2024
Gin mishandles a wildcard at the end of an origin string Critical
CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) Jun 29, 2024
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. Critical Unreviewed
CVE-2021-47157 was published Mar 18, 2024
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials Critical
CVE-2024-25124 was published for github.com/gofiber/fiber/v2 (Go) Feb 22, 2024
gaby Credited to gaby, sixcolors, and ReneWerner87 sixcolors sixcolors
ReneWerner87 ReneWerner87
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to... Critical Unreviewed
CVE-2023-3654 was published Oct 3, 2023
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site... Critical Unreviewed
CVE-2023-0957 was published Jul 6, 2023
An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows... Critical Unreviewed
CVE-2023-29711 was published Jun 22, 2023
In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. Critical Unreviewed
CVE-2023-25366 was published Jun 16, 2023
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool... Critical Unreviewed
CVE-2023-33443 was published Jun 8, 2023
The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related... Critical Unreviewed
CVE-2023-29728 was published May 31, 2023
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected... Critical Unreviewed
CVE-2014-125071 was published Jan 9, 2023
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy Critical
CVE-2017-20146 was published for github.com/gorilla/handlers (Go) Dec 28, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF Critical
CVE-2022-41924 was published for tailscale.com (Go) Nov 21, 2022
emilytrau Credited to emilytrau, JJJollyjim, and hod-alpert JJJollyjim JJJollyjim
hod-alpert hod-alpert
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database