GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
216 advisories
Filter by severity
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS)...
Critical
Unreviewed
CVE-2021-39063
was published
Dec 14, 2021
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently...
Moderate
Unreviewed
CVE-2021-38507
was published
Dec 9, 2021
When a user loaded a Web Extensions context menu, the Web Extension could access the post...
Moderate
Unreviewed
CVE-2021-43531
was published
Dec 9, 2021
Origin Validation Error in Magento 2
High
CVE-2020-8818
was published
for
cardgate/magento2
(Composer)
Oct 12, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
Default CORS config allows any origin with credentials
Critical
CVE-2021-39185
was published
for
org.http4s:http4s-server
(Maven)
Sep 2, 2021
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Origin Validation Error in Apache Maven
Critical
CVE-2021-26291
was published
for
org.apache.maven:maven-compat
(Maven)
Jun 16, 2021
Podman Origin Validation Error
Moderate
CVE-2021-20199
was published
for
github.com/containers/podman/v3
(Go)
May 18, 2021
Steam Socialite Provider v1 does not correctly validate openid server
Critical
GHSA-hhw9-35p2-q2c5
was published
for
socialiteproviders/steam
(Composer)
Jan 29, 2021
CORS misconfiguration in socket.io
Moderate
CVE-2020-28481
was published
for
socket.io
(npm)
Jan 20, 2021
Kirby .dev domains and some reverse proxy setups were treated as local
Moderate
CVE-2020-26253
was published
for
getkirby/cms
(Composer)
Jan 14, 2021
User Impersonation in converse.js
Moderate
CVE-2017-5858
was published
for
converse.js
(npm)
Sep 11, 2020
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Moderate
CVE-2019-11777
was published
for
org.eclipse.paho:org.eclipse.paho.client.mqttv3
(Maven)
Sep 17, 2019
ProTip!
Advisories are also available from the
GraphQL API