GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21 advisories
User Impersonation in converse.js
Moderate. CVE-2017-5858 was published for converse.js (npm) on Sep 11, 2020.

Leaking of user information on Cross-Domain communication in sysend
Moderate. CVE-2022-24762 was published for sysend (npm) on Mar 14, 2022.

CORS misconfiguration in socket.io
Moderate. CVE-2020-28481 was published for socket.io (npm) on Jan 20, 2021.

Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate. CVE-2023-2850 was published for nodebb (npm) on Jul 25, 2023.

pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate. CVE-2024-53866 was published for pnpm (npm) on Dec 10, 2024.

Websites were able to send any requests to the development server and read the response in vite
Moderate. CVE-2025-24010 was published for vite (npm) on Jan 21, 2025.

esbuild enables any website to send any requests to the development server and read the response
Moderate. GHSA-67mh-4wv8-2f99 was published for esbuild (npm) on Feb 10, 2025.

@misskey-dev/summaly allows IP Filter Bypass via Redirect
Moderate. GHSA-jqx4-9gpq-rppm was published for @misskey-dev/summaly (npm) on May 6, 2025.

webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
Moderate. CVE-2025-30360 was published for webpack-dev-server (npm) on Jun 4, 2025.

elysia-cors Origin Validation Error
Moderate. CVE-2025-50864 was published for @elysiajs/cors (npm) on Aug 20, 2025.

OpenClaw session tool visibility hardening and Telegram webhook secret fallback
Moderate. CVE-2026-27004 was published for openclaw (npm) on Feb 18, 2026.

Cache poisoning in @sveltejs/adapter-vercel
Moderate. CVE-2026-27118 was published for @sveltejs/adapter-vercel (npm) on Feb 19, 2026.

OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains
Moderate. CVE-2026-32025 was published for openclaw (npm) on Mar 3, 2026.

GraphQL API endpoint ignores CORS origin restriction
Moderate. CVE-2026-34373 was published for parse-server (npm) on Mar 30, 2026.

Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
Moderate. CVE-2026-34083 was published for signalk-server (npm) on Apr 3, 2026.

Electron: Incorrect origin passed to permission request handler for iframe requests
Moderate. CVE-2026-34777 was published for electron (npm) on Apr 3, 2026.

Parcel has an Origin Validation Error vulnerability
Moderate. CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) on Sep 17, 2025.

@cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to a different registry
Moderate. GHSA-qhh4-458h-xwh2 was published for @cyclonedx/cdxgen (npm) on May 8, 2026.

React Router has CSRF issue in Action/Server Action Request Processing
Moderate. CVE-2026-22030 was published for @remix-run/server-runtime (npm) on Jan 8, 2026.

@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects
Moderate. CVE-2026-48022 was published for @hapi/wreck (npm) on Jun 11, 2026.

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
Moderate. CVE-2026-9595 was published for webpack-dev-server (npm) on Jun 17, 2026.

ProTip! Advisories are also available from the GraphQL API.