Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Loading
Steam Socialite Provider v1 does not correctly validate openid server Critical
GHSA-hhw9-35p2-q2c5 was published for socialiteproviders/steam (Composer) Jan 29, 2021
MadMikeyB
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
Default CORS config allows any origin with credentials Critical
CVE-2021-39185 was published for org.http4s:http4s-server (Maven) Sep 2, 2021
bplommer
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy Critical
CVE-2017-20146 was published for github.com/gorilla/handlers (Go) Dec 28, 2022
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
Tailscale Windows daemon is vulnerable to RCE via CSRF Critical
CVE-2022-41924 was published for tailscale.com (Go) Nov 21, 2022
emilytrau JJJollyjim
hod-alpert
Origin Validation Error in Apache Maven Critical
CVE-2021-26291 was published for org.apache.maven:maven-compat (Maven) Jun 16, 2021
joshbressers
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials Critical
CVE-2024-25124 was published for github.com/gofiber/fiber/v2 (Go) Feb 22, 2024
gaby sixcolors
ReneWerner87
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
ProTip! Advisories are also available from the GraphQL API