Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,427
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

134 advisories

Loading
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96... Moderate Unreviewed
CVE-2021-21136 was published May 24, 2022
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus... Moderate Unreviewed
CVE-2020-15733 was published May 24, 2022
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of... Moderate Unreviewed
CVE-2019-8754 was published May 24, 2022
When a link to an external protocol was clicked, a prompt was presented that allowed the user to... Moderate Unreviewed
CVE-2020-15682 was published May 24, 2022
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the... Moderate Unreviewed
CVE-2020-15652 was published May 24, 2022
Temi firmware 20190419.165201 does not properly verify that the source of data or communication... Moderate Unreviewed
CVE-2020-16168 was published May 24, 2022
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the... Moderate Unreviewed
CVE-2020-12397 was published May 24, 2022
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block... Moderate Unreviewed
CVE-2020-11868 was published May 24, 2022
If two same-origin documents set document.domain differently to become cross-origin, it was... Moderate Unreviewed
CVE-2019-11762 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for... Moderate Unreviewed
CVE-2019-5062 was published May 24, 2022
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker... Moderate Unreviewed
CVE-2019-13740 was published May 24, 2022
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection... Moderate Unreviewed
CVE-2019-16275 was published May 24, 2022
Images from a different domain can be read using a canvas object in some circumstances. This... Moderate Unreviewed
CVE-2019-9817 was published May 24, 2022
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote... Moderate Unreviewed
CVE-2019-5834 was published May 24, 2022
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with... Moderate Unreviewed
CVE-2019-8282 was published May 24, 2022
If WebRTC permission is requested from documents with data: or blob: URLs, the permission... Moderate Unreviewed
CVE-2019-9808 was published May 24, 2022
Cross-origin images can be read in violation of the same-origin policy by exporting an image... Moderate Unreviewed
CVE-2019-9797 was published May 24, 2022
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links... Moderate Unreviewed
CVE-2017-1000455 was published May 14, 2022
An audio capture session can started under an incorrect origin from the site making the capture... Moderate Unreviewed
CVE-2018-5109 was published May 14, 2022
Yii Incorrectly Implements CORS Moderate
CVE-2018-20745 was published for yiisoft/yii2 (Composer) May 14, 2022
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error Moderate
CVE-2018-20744 was published for github.com/gofiber/fiber/v2 (Go) May 14, 2022
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta... Moderate Unreviewed
CVE-2018-18499 was published May 14, 2022
A same-origin policy violation allowing the theft of cross-origin URL entries when using the... Moderate Unreviewed
CVE-2018-18494 was published May 14, 2022
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81... Moderate Unreviewed
CVE-2018-16072 was published May 13, 2022
The internal WebBrowserPersist code does not use correct origin context for a resource being... Moderate Unreviewed
CVE-2018-12402 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database