Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR
Flowise Cors Misconfiguration in packages/server/src/index.ts High
CVE-2024-36421 was published for flowise (npm) Aug 5, 2024
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability High
CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024
Overly permissive origin policy High
CVE-2023-49803 was published for @koa/cors (npm) Dec 11, 2023
PawelJ-PL
Unintentional leakage of private information via cross-origin websocket session hijacking Moderate
CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023
mowzk barisusakli
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
Leaking of user information on Cross-Domain communication in sysend Moderate
CVE-2022-24762 was published for sysend (npm) Mar 14, 2022
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
CORS misconfiguration in socket.io Moderate
CVE-2020-28481 was published for socket.io (npm) Jan 20, 2021
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database