GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
247 advisories
Filter by severity
There is an insufficient input verification vulnerability in Huawei product. Successful...
High
Unreviewed
CVE-2022-32144
was published
Dec 20, 2024
A cookie management issue was addressed with improved state management. This issue is fixed in...
Moderate
Unreviewed
CVE-2024-44212
was published
Dec 12, 2024
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2....
Moderate
Unreviewed
CVE-2024-54490
was published
Dec 12, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking.
Moderate
Unreviewed
CVE-2024-45495
was published
Nov 29, 2024
An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to cause...
Moderate
Unreviewed
CVE-2024-51072
was published
Nov 22, 2024
An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information...
Moderate
Unreviewed
CVE-2024-51037
was published
Nov 15, 2024
lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain...
High
Unreviewed
CVE-2024-50654
was published
Nov 15, 2024
Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control...
High
Unreviewed
CVE-2024-10534
was published
Nov 15, 2024
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal...
High
Unreviewed
CVE-2024-6674
was published
Oct 29, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL...
Moderate
Unreviewed
CVE-2024-10460
was published
Oct 29, 2024
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change...
High
Unreviewed
CVE-2024-44734
was published
Oct 11, 2024
Gradio's CORS origin validation accepts the null origin
Moderate
CVE-2024-47165
was published
for
gradio
(pip)
Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
A compromised content process could have allowed for the arbitrary loading of cross-origin pages....
Critical
Unreviewed
CVE-2024-9392
was published
Oct 1, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under...
High
Unreviewed
CVE-2024-9393
was published
Oct 1, 2024
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of...
Moderate
Unreviewed
CVE-2024-44187
was published
Sep 17, 2024
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed...
Moderate
Unreviewed
CVE-2024-7978
was published
Aug 21, 2024
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
Critical
Unreviewed
CVE-2024-41475
was published
Aug 12, 2024
While copying individual autoupdater log files, reparse point check was missing which could...
High
Unreviewed
CVE-2024-23458
was published
Aug 6, 2024
Flowise Cors Misconfiguration in packages/server/src/index.ts
High
CVE-2024-36421
was published
for
flowise
(npm)
Aug 5, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Moderate
CVE-2024-41926
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e...
High
Unreviewed
CVE-2024-41143
was published
Jul 29, 2024
There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate...
Moderate
Unreviewed
CVE-2024-22062
was published
Jul 9, 2024
Origin Validation Error in GitHub repository stitionai/devika prior to -.
High
Unreviewed
CVE-2024-5549
was published
Jul 9, 2024
ProTip!
Advisories are also available from the
GraphQL API