GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
17 advisories
A compromised content process could have allowed for the arbitrary loading of cross-origin pages....
Critical | Unreviewed | CVE-2024-9392 was published Oct 1, 2024
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
Critical | Unreviewed | CVE-2024-41475 was published Aug 12, 2024
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.
Critical | Unreviewed | CVE-2021-47157 was published Mar 18, 2024
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to...
Critical | Unreviewed | CVE-2023-3654 was published Oct 3, 2023
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site...
Critical | Unreviewed | CVE-2023-0957 was published Jul 6, 2023
An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows...
Critical | Unreviewed | CVE-2023-29711 was published Jun 22, 2023
In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.
Critical | Unreviewed | CVE-2023-25366 was published Jun 16, 2023
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected...
Critical | Unreviewed | CVE-2014-125071 was published Jan 9, 2023
The vulnerability causing from insufficient verification procedures for downloaded files during...
Critical | Unreviewed | CVE-2022-23764 was published Aug 18, 2022
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could...
Critical | Unreviewed | CVE-2019-15020 was published May 24, 2022
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and...
Critical | Unreviewed | CVE-2018-5409 was published May 24, 2022
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin...
Critical | Unreviewed | CVE-2017-13274 was published May 14, 2022
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active...
Critical | Unreviewed | CVE-2018-5116 was published May 14, 2022
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications...
Critical | Unreviewed | CVE-2018-5400 was published May 13, 2022
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with...
Critical | Unreviewed | CVE-2017-6519 was published May 13, 2022
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html...
Critical | Unreviewed | CVE-2021-44935 was published Dec 15, 2021
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS)...
Critical | Unreviewed | CVE-2021-39063 was published Dec 14, 2021
ProTip! Advisories are also available from the GraphQL API.