Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

41 advisories

Loading
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradios's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Flowise Cors Misconfiguration in packages/server/src/index.ts High
CVE-2024-36421 was published for flowise (npm) Aug 5, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS High
CVE-2024-1249 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
Keycloak path traversal vulnerability in the redirect validation High
CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials Critical
CVE-2024-25124 was published for github.com/gofiber/fiber/v2 (Go) Feb 22, 2024
gaby sixcolors
ReneWerner87
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability High
CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI High
CVE-2024-23898 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
Overly permissive origin policy High
CVE-2023-49803 was published for @koa/cors (npm) Dec 11, 2023
PawelJ-PL
Unintentional leakage of private information via cross-origin websocket session hijacking Moderate
CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023
mowzk barisusakli
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
Zip4j Origin Validation Error Moderate
CVE-2023-22899 was published for net.lingala.zip4j:zip4j (Maven) Jan 10, 2023
0xSSA
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy Critical
CVE-2017-20146 was published for github.com/gorilla/handlers (Go) Dec 28, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF Critical
CVE-2022-41924 was published for tailscale.com (Go) Nov 21, 2022
emilytrau JJJollyjim
hod-alpert
Phoenix before 1.6.14 mishandles check_origin wildcarding High
CVE-2022-42975 was published for phoenix (Erlang) Oct 17, 2022
maennchen
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
CardGate Payments plugin for WooCommerce does not validate request origin High
CVE-2020-8819 was published for cardgate/woocommerce (Composer) May 24, 2022
Origin Validation Error in Apache NiFi High
CVE-2017-7667 was published for org.apache.nifi:nifi (Maven) May 17, 2022
Yii Incorrectly Implements CORS Moderate
CVE-2018-20745 was published for yiisoft/yii2 (Composer) May 14, 2022
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error Moderate
CVE-2018-20744 was published for github.com/gofiber/fiber/v2 (Go) May 14, 2022
RubyGems has Origin Validation Error vulnerability High
CVE-2017-0902 was published for rubygems-update (RubyGems) May 13, 2022
HashiCorp Consul vulnerable to Origin Validation Error High
CVE-2019-9764 was published for github.com/hashicorp/consul (Go) May 13, 2022
ProTip! Advisories are also available from the GraphQL API