Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account... Critical Unreviewed
CVE-2025-34291 was published Dec 6, 2025
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it... Critical Unreviewed
CVE-2025-67825 was published Jan 8, 2026
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in... Critical Unreviewed
CVE-2025-63386 was published Dec 18, 2025
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in... Critical Unreviewed
CVE-2025-63388 was published Dec 18, 2025
Default CORS config allows any origin with credentials Critical
CVE-2021-39185 was published for org.http4s:http4s-server_2.10 (Maven) Sep 2, 2021
bplommer
Credited to bplommer
A compromised content process could have allowed for the arbitrary loading of cross-origin pages.... Critical Unreviewed
CVE-2024-9392 was published Oct 1, 2024
Gin mishandles a wildcard at the end of an origin string Critical
CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) Jun 29, 2024
SillyTavern Web Interface Vulnerable DNS Rebinding Critical
CVE-2025-59159 was published for sillytavern (npm) Oct 6, 2025
Atom1cByte
Credited to Atom1cByte
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui... Critical Unreviewed
CVE-2024-11045 was published Mar 20, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.4,... Critical Unreviewed
CVE-2025-30466 was published May 30, 2025
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with... Critical Unreviewed
CVE-2017-6519 was published May 13, 2022
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions below... Critical Unreviewed
CVE-2025-3651 was published Apr 17, 2025
The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related... Critical Unreviewed
CVE-2023-29728 was published May 31, 2023
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool... Critical Unreviewed
CVE-2023-33443 was published Jun 8, 2023
An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows... Critical Unreviewed
CVE-2023-29711 was published Jun 22, 2023
In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. Critical Unreviewed
CVE-2023-25366 was published Jun 16, 2023
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. Critical Unreviewed
CVE-2021-47157 was published Mar 18, 2024
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. Critical Unreviewed
CVE-2024-41475 was published Aug 12, 2024
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and... Critical Unreviewed
CVE-2018-5409 was published May 24, 2022
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site... Critical Unreviewed
CVE-2023-0957 was published Jul 6, 2023
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected... Critical Unreviewed
CVE-2014-125071 was published Jan 9, 2023
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials Critical
CVE-2024-25124 was published for github.com/gofiber/fiber/v2 (Go) Feb 22, 2024
gaby sixcolors
ReneWerner87
Credited to gaby, sixcolors, and ReneWerner87
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to... Critical Unreviewed
CVE-2023-3654 was published Oct 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database