GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
370 advisories
CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function
Severity: High. CVE-2026-26861 was published for clevertap-web-sdk (npm) on Feb 27, 2026.

Local admin could leak information from the Genetec Update Service configuration web page. An...
Severity: Moderate (unreviewed). CVE-2025-1787 was published on Feb 24, 2026.

Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox <...
Severity: Critical (unreviewed). CVE-2026-2790 was published on Feb 24, 2026.

Apache Camel: KeycloakSecurityPolicy does not validate issuer of JWT tokens against configured realm
Severity: Critical. CVE-2026-23552 was published for org.apache.camel:camel-keycloak (Maven) on Feb 23, 2026.

Feathers has an origin validation bypass via prefix matching
Severity: High. CVE-2026-27192 was published for @feathersjs/authentication-oauth (npm) on Feb 19, 2026.

Cache poisoning in @sveltejs/adapter-vercel
Severity: Moderate. CVE-2026-27118 was published for @sveltejs/adapter-vercel (npm) on Feb 19, 2026.

OpenClaw session tool visibility hardening and Telegram webhook secret fallback
Severity: Moderate. CVE-2026-27004 was published for openclaw (npm) on Feb 18, 2026.

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension...
Severity: Low (unreviewed). CVE-2026-2345 was published on Feb 11, 2026.

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18...
Severity: High (unreviewed). CVE-2025-7659 was published on Feb 11, 2026.

Certain HP OfficeJet Pro printers may expose information if Cross-Origin Resource Sharing (CORS)...
Severity: Moderate (unreviewed). CVE-2026-1997 was published on Feb 10, 2026.

An unauthenticated remote attacker is able to use an existing session id of a logged in user and...
Severity: High (unreviewed). CVE-2022-50975 was published on Feb 2, 2026.

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows...
Severity: High (unreviewed). CVE-2022-50925 was published on Jan 14, 2026.

MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation
Severity: High. CVE-2025-14279 was published for mlflow (pip) on Jan 12, 2026.

React Router has CSRF issue in Action/Server Action Request Processing
Severity: Moderate. CVE-2026-22030 was published for @remix-run/server-runtime (npm) on Jan 8, 2026.

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it...
Severity: Critical (unreviewed). CVE-2025-67825 was published on Jan 8, 2026.

Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2...
Severity: High (unreviewed). CVE-2026-20893 was published on Jan 7, 2026.

Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar...
Severity: High (unreviewed). CVE-2025-69235 was published on Dec 30, 2025.

Authentication issue that does not verify the source of a packet which could allow an attacker to...
Severity: High (unreviewed). CVE-2025-61740 was published on Dec 22, 2025.

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Severity: Critical (unreviewed). CVE-2025-63388 was published on Dec 18, 2025.

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Severity: Critical (unreviewed). CVE-2025-63386 was published on Dec 18, 2025.

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox <...
Severity: Moderate (unreviewed). CVE-2025-14331 was published on Dec 9, 2025.

Langflow CORS misconfiguration enables Account Takeover and RCE
Severity: Critical. CVE-2025-34291 was published for langflow (pip) on Dec 6, 2025.

Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3...
Severity: Moderate (unreviewed). CVE-2025-8074 was published on Dec 4, 2025.

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information...
Severity: High (unreviewed). CVE-2025-13947 was published on Dec 3, 2025.

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin...
Severity: Moderate (unreviewed). CVE-2025-37734 was published on Nov 12, 2025.