GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,198
Composer 4,343
Erlang 31
GitHub Actions 22
Go 2,107
Maven 5,283
npm 3,764
NuGet 679
pip 3,452
Pub 12
RubyGems 892
Rust 886
Swift 37

Unreviewed advisories

All unreviewed 243,249

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

237 advisories

Filter by severity

Sort by

Least recently updated

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining... Low Unreviewed

CVE-2024-57965 was published Jan 29, 2025

Vulnerability in the Oracle Communications Order and Service Management product of Oracle... Moderate Unreviewed

CVE-2025-21542 was published Jan 21, 2025

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported... Moderate Unreviewed

CVE-2025-21497 was published Jan 21, 2025

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... High Unreviewed

CVE-2025-21511 was published Jan 21, 2025

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:... Moderate Unreviewed

CVE-2024-21245 was published Jan 21, 2025

A ZigBee coordinator, router, or end device may change their node ID when an unsolicited... Moderate Unreviewed

CVE-2024-7322 was published Jan 15, 2025

An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0... Moderate Unreviewed

CVE-2023-46715 was published Jan 14, 2025

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the... Moderate Unreviewed

CVE-2025-23109 was published Jan 11, 2025

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to... High Unreviewed

CVE-2024-55917 was published Dec 31, 2024

There is an insufficient input verification vulnerability in Huawei product. Successful... High Unreviewed

CVE-2022-32144 was published Dec 20, 2024

A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests... Moderate Unreviewed

CVE-2024-56170 was published Dec 18, 2024

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2.... Moderate Unreviewed

CVE-2024-54490 was published Dec 12, 2024

A cookie management issue was addressed with improved state management. This issue is fixed in... Moderate Unreviewed

CVE-2024-44212 was published Dec 12, 2024

MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. Moderate Unreviewed

CVE-2024-45495 was published Nov 29, 2024

An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to cause... Moderate Unreviewed

CVE-2024-51072 was published Nov 22, 2024

An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information... Moderate Unreviewed

CVE-2024-51037 was published Nov 15, 2024

lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain... High Unreviewed

CVE-2024-50654 was published Nov 15, 2024

Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control... High Unreviewed

CVE-2024-10534 was published Nov 15, 2024

A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal... High Unreviewed

CVE-2024-6674 was published Oct 29, 2024

The origin of an external protocol handler prompt could have been obscured using a data: URL... Moderate Unreviewed

CVE-2024-10460 was published Oct 29, 2024

Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change... High Unreviewed

CVE-2024-44734 was published Oct 11, 2024

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under... High Unreviewed

CVE-2024-9393 was published Oct 1, 2024

A compromised content process could have allowed for the arbitrary loading of cross-origin pages.... Critical Unreviewed

CVE-2024-9392 was published Oct 1, 2024

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of... Moderate Unreviewed

CVE-2024-44187 was published Sep 17, 2024

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed... Moderate Unreviewed

CVE-2024-7978 was published Aug 21, 2024

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

237 advisories