GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
248 advisories
Filter by severity
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with...
Critical
Unreviewed
CVE-2017-6519
was published
May 13, 2022
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,...
High
Unreviewed
CVE-2014-1487
was published
May 13, 2022
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla...
Moderate
Unreviewed
CVE-2014-1502
was published
May 13, 2022
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1,...
Moderate
Unreviewed
CVE-2012-4193
was published
May 13, 2022
HashiCorp Consul vulnerable to Origin Validation Error
High
CVE-2019-9764
was published
for
github.com/hashicorp/consul
(Go)
May 13, 2022
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms...
High
Unreviewed
CVE-2019-7399
was published
May 13, 2022
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of...
Moderate
Unreviewed
CVE-2018-8235
was published
May 13, 2022
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of...
Moderate
Unreviewed
CVE-2018-8112
was published
May 13, 2022
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of...
High
Unreviewed
CVE-2018-4319
was published
May 13, 2022
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially...
Moderate
Unreviewed
CVE-2017-5646
was published
May 13, 2022
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a...
Moderate
Unreviewed
CVE-2019-5773
was published
May 13, 2022
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware...
High
Unreviewed
CVE-2018-3834
was published
May 13, 2022
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which...
High
Unreviewed
CVE-2009-1185
was published
May 2, 2022
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that...
Moderate
Unreviewed
CVE-2005-0877
was published
May 1, 2022
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received...
Moderate
Unreviewed
CVE-2001-1452
was published
Apr 30, 2022
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000,...
High
Unreviewed
CVE-2000-1218
was published
Apr 30, 2022
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a...
Moderate
Unreviewed
CVE-1999-1549
was published
Apr 30, 2022
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which...
Moderate
Unreviewed
CVE-2003-0981
was published
Apr 29, 2022
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
High
Unreviewed
CVE-2022-29818
was published
Apr 29, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source...
High
Unreviewed
CVE-2021-32985
was published
Apr 5, 2022
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL...
High
Unreviewed
CVE-2020-24772
was published
Mar 22, 2022
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue...
Moderate
Unreviewed
CVE-2022-22594
was published
Mar 19, 2022
Leaking of user information on Cross-Domain communication in sysend
Moderate
CVE-2022-24762
was published
for
sysend
(npm)
Mar 14, 2022
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not...
Moderate
Unreviewed
CVE-2022-25146
was published
Mar 4, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a...
Moderate
Unreviewed
CVE-2022-0108
was published
Feb 13, 2022
ProTip!
Advisories are also available from the
GraphQL API