Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

52 advisories

Loading
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
CORS misconfiguration in socket.io Moderate
CVE-2020-28481 was published for socket.io (npm) Jan 20, 2021
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
Leaking of user information on Cross-Domain communication in sysend Moderate
CVE-2022-24762 was published for sysend (npm) Mar 14, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron Credited to Haxatron
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
Unintentional leakage of private information via cross-origin websocket session hijacking Moderate
CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023
mowzk Credited to mowzk and barisusakli barisusakli barisusakli
Overly permissive origin policy High
CVE-2023-49803 was published for @koa/cors (npm) Dec 11, 2023
PawelJ-PL Credited to PawelJ-PL
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability High
CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024
Flowise Cors Misconfiguration in packages/server/src/index.ts High
CVE-2024-36421 was published for flowise (npm) Aug 5, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR Credited to ChALkeR
Websites were able to send any requests to the development server and read the response in vite Moderate
CVE-2025-24010 was published for vite (npm) Jan 21, 2025
ivantsepp Credited to ivantsepp
esbuild enables any website to send any requests to the development server and read the response Moderate
GHSA-67mh-4wv8-2f99 was published for esbuild (npm) Feb 10, 2025
sapphi-red Credited to sapphi-red
@misskey-dev/summaly allows IP Filter Bypass via Redirect Moderate
GHSA-jqx4-9gpq-rppm was published for @misskey-dev/summaly (npm) May 6, 2025
warriordog Credited to warriordog
sapphi-red Credited to sapphi-red
elysia-cors Origin Validation Error Moderate
CVE-2025-50864 was published for @elysiajs/cors (npm) Aug 20, 2025
Parcel has an Origin Validation Error vulnerability Moderate
CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
R4356th Credited to R4356th, G-Rath, and Pomax G-Rath G-Rath
Pomax Pomax
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass High
CVE-2025-59845 was published for @apollo/explorer (npm) Sep 26, 2025
ekzyis Credited to ekzyis
SillyTavern Web Interface Vulnerable DNS Rebinding Critical
CVE-2025-59159 was published for sillytavern (npm) Oct 6, 2025
Atom1cByte Credited to Atom1cByte
React Router has CSRF issue in Action/Server Action Request Processing Moderate
CVE-2026-22030 was published for @remix-run/server-runtime (npm) Jan 8, 2026
Oceandust Credited to Oceandust
OpenClaw session tool visibility hardening and Telegram webhook secret fallback Moderate
CVE-2026-27004 was published for openclaw (npm) Feb 18, 2026
aether-ai-agent Credited to aether-ai-agent
Cache poisoning in @sveltejs/adapter-vercel Moderate
CVE-2026-27118 was published for @sveltejs/adapter-vercel (npm) Feb 19, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github
Feathers has an origin validation bypass via prefix matching High
CVE-2026-27192 was published for @feathersjs/authentication-oauth (npm) Feb 19, 2026
vvxhid Credited to vvxhid and b0-n0-b0 b0-n0-b0 b0-n0-b0
CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function High
CVE-2026-26861 was published for clevertap-web-sdk (npm) Feb 27, 2026
luz-oasis Credited to luz-oasis
ProTip! Advisories are also available from the GraphQL API