Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services... Moderate Unreviewed
CVE-2026-1692 was published Feb 26, 2026
@farmfe/core is Missing Origin Validation in WebSocket Moderate
CVE-2025-56647 was published for @farmfe/core (npm) Feb 12, 2026
Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails Moderate
CVE-2026-22689 was published for github.com/axllent/mailpit (Go) Jan 13, 2026
omarkurt Credited to omarkurt
Bokeh server applications have Incomplete Origin Validation in WebSockets Moderate
CVE-2026-21883 was published for bokeh (pip) Jan 6, 2026
katzj Credited to katzj and aydinnyunus aydinnyunus aydinnyunus
GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and... Moderate Unreviewed
CVE-2025-61987 was published Dec 12, 2025
Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability Moderate
CVE-2024-51775 was published for org.apache.zeppelin:zeppelin-shell (Maven) Aug 3, 2025
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking... Moderate Unreviewed
CVE-2025-36116 was published Jul 23, 2025
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component... Moderate Unreviewed
CVE-2024-8201 was published May 16, 2025
Websites were able to send any requests to the development server and read the response in vite Moderate
CVE-2025-24010 was published for vite (npm) Jan 21, 2025
ivantsepp Credited to ivantsepp
CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The... Moderate Unreviewed
CVE-2023-32264 was published Mar 8, 2024
Unintentional leakage of private information via cross-origin websocket session hijacking Moderate
CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023
mowzk Credited to mowzk and barisusakli barisusakli barisusakli
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via... Moderate Unreviewed
CVE-2023-2886 was published May 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database