Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
A same-origin policy violation allowing the theft of cross-origin URL entries when using the... Moderate Unreviewed
CVE-2018-18494 was published May 14, 2022
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81... Moderate Unreviewed
CVE-2018-16072 was published May 13, 2022
The internal WebBrowserPersist code does not use correct origin context for a resource being... Moderate Unreviewed
CVE-2018-12402 was published May 13, 2022
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature... Moderate Unreviewed
CVE-2017-8650 was published May 13, 2022
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows... Moderate Unreviewed
CVE-2017-8530 was published May 13, 2022
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows... Moderate Unreviewed
CVE-2017-8523 was published May 13, 2022
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and... Moderate Unreviewed
CVE-2017-18016 was published May 13, 2022
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via... Moderate Unreviewed
CVE-2011-3072 was published May 13, 2022
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via... Moderate Unreviewed
CVE-2011-3067 was published May 13, 2022
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via... Moderate Unreviewed
CVE-2011-3056 was published May 13, 2022
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle... Moderate Unreviewed
CVE-2011-3956 was published May 13, 2022
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla... Moderate Unreviewed
CVE-2014-1502 was published May 13, 2022
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1,... Moderate Unreviewed
CVE-2012-4193 was published May 13, 2022
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of... Moderate Unreviewed
CVE-2018-8235 was published May 13, 2022
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of... Moderate Unreviewed
CVE-2018-8112 was published May 13, 2022
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially... Moderate Unreviewed
CVE-2017-5646 was published May 13, 2022
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a... Moderate Unreviewed
CVE-2019-5773 was published May 13, 2022
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that... Moderate Unreviewed
CVE-2005-0877 was published May 1, 2022
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received... Moderate Unreviewed
CVE-2001-1452 was published Apr 30, 2022
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a... Moderate Unreviewed
CVE-1999-1549 was published Apr 30, 2022
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which... Moderate Unreviewed
CVE-2003-0981 was published Apr 29, 2022
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue... Moderate Unreviewed
CVE-2022-22594 was published Mar 19, 2022
Leaking of user information on Cross-Domain communication in sysend Moderate
CVE-2022-24762 was published for sysend (npm) Mar 14, 2022
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not... Moderate Unreviewed
CVE-2022-25146 was published Mar 4, 2022
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote... Moderate Unreviewed
CVE-2022-0113 was published Feb 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database