GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
91
GitHub Actions
54
Go
4,194
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,422
Swift
61
Unreviewed advisories
All unreviewed
5,000+
52 advisories
Filter by severity
User Impersonation in converse.js
Moderate
CVE-2017-5858
was published
for
converse.js
(npm)
Sep 11, 2020
CORS misconfiguration in socket.io
Moderate
CVE-2020-28481
was published
for
socket.io
(npm)
Jan 20, 2021
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
Leaking of user information on Cross-Domain communication in sysend
Moderate
CVE-2022-24762
was published
for
sysend
(npm)
Mar 14, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
code-server vulnerable to Missing Origin Validation in WebSockets
Critical
CVE-2023-26114
was published
for
code-server
(npm)
Mar 23, 2023
Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate
CVE-2023-2850
was published
for
nodebb
(npm)
Jul 25, 2023
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
High
CVE-2024-26135
was published
for
meshcentral
(npm)
Feb 21, 2024
Flowise Cors Misconfiguration in packages/server/src/index.ts
High
CVE-2024-36421
was published
for
flowise
(npm)
Aug 5, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
Websites were able to send any requests to the development server and read the response in vite
Moderate
CVE-2025-24010
was published
for
vite
(npm)
Jan 21, 2025
esbuild enables any website to send any requests to the development server and read the response
Moderate
GHSA-67mh-4wv8-2f99
was published
for
esbuild
(npm)
Feb 10, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect
Moderate
GHSA-jqx4-9gpq-rppm
was published
for
@misskey-dev/summaly
(npm)
May 6, 2025
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
Moderate
CVE-2025-30360
was published
for
webpack-dev-server
(npm)
Jun 4, 2025
elysia-cors Origin Validation Error
Moderate
CVE-2025-50864
was published
for
@elysiajs/cors
(npm)
Aug 20, 2025
Parcel has an Origin Validation Error vulnerability
Moderate
CVE-2025-56648
was published
for
@parcel/reporter-dev-server
(npm)
Sep 17, 2025
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
High
CVE-2025-59845
was published
for
@apollo/explorer
(npm)
Sep 26, 2025
SillyTavern Web Interface Vulnerable DNS Rebinding
Critical
CVE-2025-59159
was published
for
sillytavern
(npm)
Oct 6, 2025
React Router has CSRF issue in Action/Server Action Request Processing
Moderate
CVE-2026-22030
was published
for
@remix-run/server-runtime
(npm)
Jan 8, 2026
OpenClaw session tool visibility hardening and Telegram webhook secret fallback
Moderate
CVE-2026-27004
was published
for
openclaw
(npm)
Feb 18, 2026
Cache poisoning in @sveltejs/adapter-vercel
Moderate
CVE-2026-27118
was published
for
@sveltejs/adapter-vercel
(npm)
Feb 19, 2026
Feathers has an origin validation bypass via prefix matching
High
CVE-2026-27192
was published
for
@feathersjs/authentication-oauth
(npm)
Feb 19, 2026
CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function
High
CVE-2026-26861
was published
for
clevertap-web-sdk
(npm)
Feb 27, 2026
OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains
Moderate
CVE-2026-32025
was published
for
openclaw
(npm)
Mar 3, 2026
ProTip!
Advisories are also available from the
GraphQL API