GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
234 advisories
Filter by severity
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received...
Moderate
Unreviewed
CVE-2001-1452
was published
Apr 30, 2022
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000,...
High
Unreviewed
CVE-2000-1218
was published
Apr 30, 2022
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a...
Moderate
Unreviewed
CVE-1999-1549
was published
Apr 30, 2022
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which...
Moderate
Unreviewed
CVE-2003-0981
was published
Apr 29, 2022
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
High
Unreviewed
CVE-2022-29818
was published
Apr 29, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source...
High
Unreviewed
CVE-2021-32985
was published
Apr 5, 2022
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL...
High
Unreviewed
CVE-2020-24772
was published
Mar 22, 2022
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue...
Moderate
Unreviewed
CVE-2022-22594
was published
Mar 19, 2022
Leaking of user information on Cross-Domain communication in sysend
Moderate
CVE-2022-24762
was published
for
sysend
(npm)
Mar 14, 2022
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not...
Moderate
Unreviewed
CVE-2022-25146
was published
Mar 4, 2022
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote...
Moderate
Unreviewed
CVE-2022-0113
was published
Feb 13, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a...
Moderate
Unreviewed
CVE-2022-0111
was published
Feb 13, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a...
Moderate
Unreviewed
CVE-2022-0108
was published
Feb 13, 2022
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote...
Moderate
Unreviewed
CVE-2022-0120
was published
Feb 13, 2022
Cookie and header exposure in twisted
High
CVE-2022-21712
was published
for
Twisted
(pip)
Feb 7, 2022
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource...
Moderate
Unreviewed
CVE-2022-23032
was published
Jan 26, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate
CVE-2021-4024
was published
for
github.com/containers/podman/v3
(Go)
Jan 6, 2022
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html...
Critical
Unreviewed
CVE-2021-44935
was published
Dec 15, 2021
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS)...
Critical
Unreviewed
CVE-2021-39063
was published
Dec 14, 2021
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently...
Moderate
Unreviewed
CVE-2021-38507
was published
Dec 9, 2021
When a user loaded a Web Extensions context menu, the Web Extension could access the post...
Moderate
Unreviewed
CVE-2021-43531
was published
Dec 9, 2021
Origin Validation Error in Magento 2
High
CVE-2020-8818
was published
for
cardgate/magento2
(Composer)
Oct 12, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
Default CORS config allows any origin with credentials
Critical
CVE-2021-39185
was published
for
org.http4s:http4s-server
(Maven)
Sep 2, 2021
ProTip!
Advisories are also available from the
GraphQL API