Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,885
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,209
NuGet
744
pip
3,987
Pub
12
RubyGems
950
Rust
1,035
Swift
45
Unreviewed advisories
All unreviewed
5,000+

337 advisories

Loading
SillyTavern Web Interface Vulnerable DNS Rebinding Critical
CVE-2025-59159 was published for sillytavern (npm) Oct 6, 2025
Atom1cByte
A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability... Moderate Unreviewed
CVE-2025-11304 was published Oct 5, 2025
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser Moderate
CVE-2025-30360 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass High
CVE-2025-59845 was published for @apollo/explorer (npm) Sep 26, 2025
ekzyis 0x9x-ui
A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point ... Moderate Unreviewed
CVE-2025-20364 was published Sep 24, 2025
Parcel has an Origin Validation Error vulnerability Moderate
CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
R4356th
Neo4j Cypher MCP server is vulnerable to DNS rebinding High
CVE-2025-10193 was published for mcp-neo4j-cypher (pip) Sep 11, 2025
eharris128
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability High
CVE-2025-9636 was published for pgadmin4 (pip) Sep 5, 2025
Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing.This issue... High Unreviewed
CVE-2024-13068 was published Sep 3, 2025
An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client... High Unreviewed
CVE-2025-51605 was published Aug 22, 2025
elysia-cors Origin Validation Error Moderate
CVE-2025-50864 was published for @elysiajs/cors (npm) Aug 20, 2025
'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects... High Unreviewed
CVE-2025-9180 was published Aug 19, 2025
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning.  The BigFix SaaS's HTTP... Moderate Unreviewed
CVE-2025-52621 was published Aug 16, 2025
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui... Critical Unreviewed
CVE-2024-11045 was published Mar 20, 2025
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic... Moderate Unreviewed
CVE-2025-53399 was published Aug 1, 2025
Keycloak phishing attack via email verification step in first login flow Moderate
CVE-2025-7365 was published for org.keycloak:keycloak-services (Maven) Jul 30, 2025
Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow Moderate
GHSA-gj52-35xm-gxjh was published for org.keycloak:keycloak-services (Maven) Jul 10, 2025 withdrawn
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS... Moderate Unreviewed
CVE-2015-4495 was published May 14, 2022
Liferay Portal and Liferay DXP fails to check origin of event messages Moderate
CVE-2022-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site... High Unreviewed
CVE-2024-10956 was published Mar 20, 2025
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost (Go) Aug 1, 2024
Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab... High Unreviewed
CVE-2025-53600 was published Jul 4, 2025
Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass... Moderate Unreviewed
CVE-2025-5824 was published Jun 26, 2025
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47195 was published Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47193 was published Jan 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database