GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,960
Composer 4,279
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,903

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

206 advisories

Filter by severity

Sort by

Least recently updated

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links... Moderate Unreviewed

CVE-2017-1000455 was published May 14, 2022

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin... Critical Unreviewed

CVE-2017-13274 was published May 14, 2022

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active... Critical Unreviewed

CVE-2018-5116 was published May 14, 2022

An audio capture session can started under an incorrect origin from the site making the capture... Moderate Unreviewed

CVE-2018-5109 was published May 14, 2022

Response header name interning does not have same-origin protections and these headers are stored... High Unreviewed

CVE-2017-7797 was published May 14, 2022

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does... High Unreviewed

CVE-2016-9902 was published May 14, 2022

EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates... High Unreviewed

CVE-2018-14903 was published May 14, 2022

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta... Moderate Unreviewed

CVE-2018-18499 was published May 14, 2022

A same-origin policy violation allowing the theft of cross-origin URL entries when using the... Moderate Unreviewed

CVE-2018-18494 was published May 14, 2022

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which... High Unreviewed

CVE-2018-6764 was published May 13, 2022

The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover... High Unreviewed

CVE-2018-6654 was published May 13, 2022

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81... Moderate Unreviewed

CVE-2018-16072 was published May 13, 2022

The internal WebBrowserPersist code does not use correct origin context for a resource being... Moderate Unreviewed

CVE-2018-12402 was published May 13, 2022

An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request... High Unreviewed

CVE-2017-8793 was published May 13, 2022

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature... Moderate Unreviewed

CVE-2017-8650 was published May 13, 2022

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows... Moderate Unreviewed

CVE-2017-8530 was published May 13, 2022

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows... Moderate Unreviewed

CVE-2017-8523 was published May 13, 2022

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and... Moderate Unreviewed

CVE-2017-18016 was published May 13, 2022

The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications... Critical Unreviewed

CVE-2018-5400 was published May 13, 2022

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in... High Unreviewed

CVE-2018-6690 was published May 13, 2022

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via... Moderate Unreviewed

CVE-2011-3072 was published May 13, 2022

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via... Moderate Unreviewed

CVE-2011-3067 was published May 13, 2022

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via... Moderate Unreviewed

CVE-2011-3056 was published May 13, 2022

The extension implementation in Google Chrome before 17.0.963.46 does not properly handle... Moderate Unreviewed

CVE-2011-3956 was published May 13, 2022

Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the... High Unreviewed

CVE-2011-2856 was published May 13, 2022

Previous 1 2 … 5 6 7 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

206 advisories