GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,109
Composer 4,884
Erlang 37
GitHub Actions 38
Go 2,546
Maven 5,998
npm 4,207
NuGet 743
pip 3,979
Pub 12
RubyGems 947
Rust 1,034
Swift 45

Unreviewed advisories

All unreviewed 272,398

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

6 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

code-server vulnerable to Missing Origin Validation in WebSockets Critical

CVE-2023-26114 was published for code-server (npm) Mar 23, 2023

Unintentional leakage of private information via cross-origin websocket session hijacking Moderate

CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023

Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening Critical

CVE-2025-24964 was published for vitest (npm) Feb 4, 2025

Websites were able to send any requests to the development server and read the response in vite Moderate

CVE-2025-24010 was published for vite (npm) Jan 21, 2025

Information exposure in Next.js dev server due to lack of origin verification Low

CVE-2025-48068 was published for next (npm) May 28, 2025

Claude Code Improper Authorization via websocket connections from arbitrary origins High

CVE-2025-52882 was published for @anthropic-ai/claude-code (npm) Jun 23, 2025

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

6 advisories