GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
321 advisories
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla...
Moderate, Unreviewed. CVE-2014-1502 was published May 13, 2022

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1,...
Moderate, Unreviewed. CVE-2012-4193 was published May 13, 2022

HashiCorp Consul vulnerable to Origin Validation Error
High. CVE-2019-9764 was published for github.com/hashicorp/consul (Go) May 13, 2022

Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms...
High, Unreviewed. CVE-2019-7399 was published May 13, 2022

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of...
Moderate, Unreviewed. CVE-2018-8235 was published May 13, 2022

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of...
Moderate, Unreviewed. CVE-2018-8112 was published May 13, 2022

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of...
High, Unreviewed. CVE-2018-4319 was published May 13, 2022

Apache Knox allows impersonation of users
Moderate. CVE-2017-5646 was published for org.apache.knox:gateway-provider-identity-assertion-common (Maven) May 13, 2022

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a...
Moderate, Unreviewed. CVE-2019-5773 was published May 13, 2022

An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware...
High, Unreviewed. CVE-2018-3834 was published May 13, 2022

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which...
High, Unreviewed. CVE-2009-1185 was published May 2, 2022

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that...
Moderate, Unreviewed. CVE-2005-0877 was published May 1, 2022

By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received...
Moderate, Unreviewed. CVE-2001-1452 was published Apr 30, 2022

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000,...
High, Unreviewed. CVE-2000-1218 was published Apr 30, 2022

Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a...
Moderate, Unreviewed. CVE-1999-1549 was published Apr 30, 2022

FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which...
Moderate, Unreviewed. CVE-2003-0981 was published Apr 29, 2022

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
High, Unreviewed. CVE-2022-29818 was published Apr 29, 2022

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source...
High, Unreviewed. CVE-2021-32985 was published Apr 5, 2022

In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL...
High, Unreviewed. CVE-2020-24772 was published Mar 22, 2022

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue...
Moderate, Unreviewed. CVE-2022-22594 was published Mar 19, 2022

Leaking of user information on Cross-Domain communication in sysend
Moderate. CVE-2022-24762 was published for sysend (npm) Mar 14, 2022

Liferay Portal and Liferay DXP fails to check origin of event messages
Moderate. CVE-2022-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a...
Moderate, Unreviewed. CVE-2022-0111 was published Feb 13, 2022

Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote...
Moderate, Unreviewed. CVE-2022-0113 was published Feb 13, 2022

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a...
Moderate, Unreviewed. CVE-2022-0108 was published Feb 13, 2022