GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
216 advisories
Filter by severity
A same-origin policy violation allowing the theft of cross-origin URL entries when using the...
Moderate
Unreviewed
CVE-2018-18494
was published
May 14, 2022
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which...
High
Unreviewed
CVE-2018-6764
was published
May 13, 2022
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover...
High
Unreviewed
CVE-2018-6654
was published
May 13, 2022
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81...
Moderate
Unreviewed
CVE-2018-16072
was published
May 13, 2022
The internal WebBrowserPersist code does not use correct origin context for a resource being...
Moderate
Unreviewed
CVE-2018-12402
was published
May 13, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request...
High
Unreviewed
CVE-2017-8793
was published
May 13, 2022
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature...
Moderate
Unreviewed
CVE-2017-8650
was published
May 13, 2022
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows...
Moderate
Unreviewed
CVE-2017-8523
was published
May 13, 2022
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows...
Moderate
Unreviewed
CVE-2017-8530
was published
May 13, 2022
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and...
Moderate
Unreviewed
CVE-2017-18016
was published
May 13, 2022
RubyGems has Origin Validation Error vulnerability
High
CVE-2017-0902
was published
for
rubygems-update
(RubyGems)
May 13, 2022
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications...
Critical
Unreviewed
CVE-2018-5400
was published
May 13, 2022
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in...
High
Unreviewed
CVE-2018-6690
was published
May 13, 2022
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via...
Moderate
Unreviewed
CVE-2011-3072
was published
May 13, 2022
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via...
Moderate
Unreviewed
CVE-2011-3067
was published
May 13, 2022
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via...
Moderate
Unreviewed
CVE-2011-3056
was published
May 13, 2022
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle...
Moderate
Unreviewed
CVE-2011-3956
was published
May 13, 2022
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the...
High
Unreviewed
CVE-2011-2856
was published
May 13, 2022
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with...
Critical
Unreviewed
CVE-2017-6519
was published
May 13, 2022
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,...
High
Unreviewed
CVE-2014-1487
was published
May 13, 2022
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla...
Moderate
Unreviewed
CVE-2014-1502
was published
May 13, 2022
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1,...
Moderate
Unreviewed
CVE-2012-4193
was published
May 13, 2022
HashiCorp Consul vulnerable to Origin Validation Error
High
CVE-2019-9764
was published
for
github.com/hashicorp/consul
(Go)
May 13, 2022
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms...
High
Unreviewed
CVE-2019-7399
was published
May 13, 2022
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of...
Moderate
Unreviewed
CVE-2018-8235
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API