GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,331
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
228 advisories
Filter by severity
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Critical
CVE-2017-20146
was published
for
github.com/gorilla/handlers
(Go)
Dec 28, 2022
An attacker could have abused XSLT error handling to associate attacker-controlled content with...
Moderate
Unreviewed
CVE-2022-38472
was published
Dec 22, 2022
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking...
High
Unreviewed
CVE-2022-42927
was published
Dec 22, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
Phoenix before 1.6.14 mishandles check_origin wildcarding
High
CVE-2022-42975
was published
for
phoenix
(Erlang)
Oct 17, 2022
Origin Validation Error in rdiffweb
Critical
CVE-2022-3457
was published
for
rdiffweb
(pip)
Oct 14, 2022
An origin validation error vulnerability in Trend Micro Apex One agents could allow a local...
High
Unreviewed
CVE-2022-41749
was published
Oct 11, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross...
Moderate
Unreviewed
CVE-2022-41294
was published
Oct 6, 2022
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could...
Moderate
Unreviewed
CVE-2022-40140
was published
Sep 20, 2022
The vulnerability causing from insufficient verification procedures for downloaded files during...
Critical
Unreviewed
CVE-2022-23764
was published
Aug 18, 2022
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote...
Moderate
Unreviewed
CVE-2022-1497
was published
Jul 27, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause...
High
Unreviewed
CVE-2022-26137
was published
Jul 21, 2022
Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and...
High
Unreviewed
CVE-2022-23763
was published
Jun 29, 2022
The authentication mechanism used by voters to activate a voting session on the tested version of...
Moderate
Unreviewed
CVE-2022-1747
was published
Jun 25, 2022
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),...
Moderate
Unreviewed
CVE-2022-30228
was published
Jun 15, 2022
A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension...
Moderate
Unreviewed
CVE-2019-1413
was published
May 24, 2022
Through use of reportValidity() and window.open(), a plain-text validation message could have...
Moderate
Unreviewed
CVE-2021-38497
was published
May 24, 2022
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54...
Moderate
Unreviewed
CVE-2021-37966
was published
May 24, 2022
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote...
Moderate
Unreviewed
CVE-2021-37971
was published
May 24, 2022
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar...
High
Unreviewed
CVE-2020-27969
was published
May 24, 2022
Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a...
Moderate
Unreviewed
CVE-2021-30596
was published
May 24, 2022
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.
High
Unreviewed
CVE-2021-39270
was published
May 24, 2022
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a...
Moderate
Unreviewed
CVE-2021-21229
was published
May 24, 2022
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed...
Moderate
Unreviewed
CVE-2021-21211
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API