GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Credited to offset
Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation (Severity: Moderate)
CVE-2026-30964 was published for web-auth/webauthn-framework (Composer) Mar 10, 2026
Credited to dorakemon
CardGate Payments plugin for WooCommerce does not validate request origin (Severity: High)
CVE-2020-8819 was published for cardgate/woocommerce (Composer) May 24, 2022
Yii Incorrectly Implements CORS (Severity: Moderate)
CVE-2018-20745 was published for yiisoft/yii2 (Composer) May 14, 2022
Origin Validation Error in Magento 2 (Severity: High)
CVE-2020-8818 was published for cardgate/magento2 (Composer) Oct 12, 2021
Steam Socialite Provider v1 does not correctly validate openid server (Severity: Critical)
GHSA-hhw9-35p2-q2c5 was published for socialiteproviders/steam (Composer) Jan 29, 2021
Credited to MadMikeyB
Kirby .dev domains and some reverse proxy setups were treated as local (Severity: Moderate)
CVE-2020-26253 was published for getkirby/cms (Composer) Jan 14, 2021
Backend Same-Site Request Forgery in TYPO3 CMS (Severity: High)
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
Credited to ohader