GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
359 advisories
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account...
Critical | Unreviewed | CVE-2025-34291 was published Dec 6, 2025
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows...
High | Unreviewed | CVE-2022-50925 was published Jan 14, 2026
MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation
High | CVE-2025-14279 was published for mlflow (pip) Jan 12, 2026
React Router has CSRF issue in Action/Server Action Request Processing
Moderate | CVE-2026-22030 was published for @remix-run/server-runtime (npm) Jan 8, 2026
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it...
Critical | Unreviewed | CVE-2025-67825 was published Jan 8, 2026
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information...
High | Unreviewed | CVE-2025-13947 was published Dec 3, 2025
Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2...
High | Unreviewed | CVE-2026-20893 was published Jan 7, 2026
Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar...
High | Unreviewed | CVE-2025-69235 was published Dec 30, 2025
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
High | CVE-2025-59845 was published for @apollo/explorer (npm) Sep 26, 2025
Authentication issue that does not verify the source of a packet which could allow an attacker to...
High | Unreviewed | CVE-2025-61740 was published Dec 22, 2025
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Critical | Unreviewed | CVE-2025-63388 was published Dec 18, 2025
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Critical | Unreviewed | CVE-2025-63386 was published Dec 18, 2025
Default CORS config allows any origin with credentials
Critical | CVE-2021-39185 was published for org.http4s:http4s-server_2.10 (Maven) Sep 2, 2021
Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox <...
Moderate | Unreviewed | CVE-2025-14331 was published Dec 9, 2025
Parcel has an Origin Validation Error vulnerability
Moderate | CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3...
Moderate | Unreviewed | CVE-2025-8074 was published Dec 4, 2025
A same-origin policy violation allowing the theft of cross-origin URL entries when using the...
Moderate | Unreviewed | CVE-2018-18494 was published May 14, 2022
The Pocket toolbar button, once activated, listens for events fired from its own pages but does...
High | Unreviewed | CVE-2016-9902 was published May 14, 2022
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin...
Moderate | Unreviewed | CVE-2025-37734 was published Nov 12, 2025
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),...
Moderate | Unreviewed | CVE-2022-30228 was published Jun 15, 2022
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80...
Moderate | Unreviewed | CVE-2025-12905 was published Nov 8, 2025
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The...
High | Unreviewed | CVE-2024-14006 was published Oct 31, 2025
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic...
Moderate | Unreviewed | CVE-2025-53399 was published Aug 1, 2025
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of...
Moderate | Unreviewed | CVE-2024-44187 was published Sep 17, 2024
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2....
Moderate | Unreviewed | CVE-2024-54490 was published Dec 12, 2024