GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
User Impersonation in converse.js
Moderate
CVE-2017-5858
was published
for
converse.js
(npm)
Sep 11, 2020
Steam Socialite Provider v1 does not correctly validate openid server
Critical
GHSA-hhw9-35p2-q2c5
was published
for
socialiteproviders/steam
(Composer)
Jan 29, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Kirby .dev domains and some reverse proxy setups were treated as local
Moderate
CVE-2020-26253
was published
for
getkirby/cms
(Composer)
Jan 14, 2021
Zip4j Origin Validation Error
Moderate
CVE-2023-22899
was published
for
net.lingala.zip4j:zip4j
(Maven)
Jan 10, 2023
Origin Validation Error in rdiffweb
Critical
CVE-2022-3457
was published
for
rdiffweb
(pip)
Oct 14, 2022
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
Origin Validation Error in Apache NiFi
High
CVE-2017-7667
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Moderate
CVE-2019-11777
was published
for
org.eclipse.paho:org.eclipse.paho.client.mqttv3
(Maven)
Sep 17, 2019
Default CORS config allows any origin with credentials
Critical
CVE-2021-39185
was published
for
org.http4s:http4s-server
(Maven)
Sep 2, 2021
Origin Validation Error in Magento 2
High
CVE-2020-8818
was published
for
cardgate/magento2
(Composer)
Oct 12, 2021
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Critical
CVE-2017-20146
was published
for
github.com/gorilla/handlers
(Go)
Dec 28, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate
CVE-2021-4024
was published
for
github.com/containers/podman/v3
(Go)
Jan 6, 2022
RubyGems has Origin Validation Error vulnerability
High
CVE-2017-0902
was published
for
rubygems-update
(RubyGems)
May 13, 2022
code-server vulnerable to Missing Origin Validation in WebSockets
Critical
CVE-2023-26114
was published
for
code-server
(npm)
Mar 23, 2023
HashiCorp Consul vulnerable to Origin Validation Error
High
CVE-2019-9764
was published
for
github.com/hashicorp/consul
(Go)
May 13, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
Leaking of user information on Cross-Domain communication in sysend
Moderate
CVE-2022-24762
was published
for
sysend
(npm)
Mar 14, 2022
CardGate Payments plugin for WooCommerce does not validate request origin
High
CVE-2020-8819
was published
for
cardgate/woocommerce
(Composer)
May 24, 2022
Origin Validation Error in Apache Maven
Critical
CVE-2021-26291
was published
for
org.apache.maven:maven-compat
(Maven)
Jun 16, 2021
Yii Incorrectly Implements CORS
Moderate
CVE-2018-20745
was published
for
yiisoft/yii2
(Composer)
May 14, 2022
CORS misconfiguration in socket.io
Moderate
CVE-2020-28481
was published
for
socket.io
(npm)
Jan 20, 2021
Podman Origin Validation Error
Moderate
CVE-2021-20199
was published
for
github.com/containers/podman/v3
(Go)
May 18, 2021
Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate
CVE-2023-2850
was published
for
nodebb
(npm)
Jul 25, 2023
ProTip!
Advisories are also available from the
GraphQL API