Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

363 advisories

Loading
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension... Low Unreviewed
CVE-2026-2345 was published Feb 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18... High Unreviewed
CVE-2025-7659 was published Feb 11, 2026
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS)... Moderate Unreviewed
CVE-2026-1997 was published Feb 10, 2026
An unauthenticated remote attacker is able to use an existing session id of a logged in user and... High Unreviewed
CVE-2022-50975 was published Feb 2, 2026
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows... High Unreviewed
CVE-2022-50925 was published Jan 14, 2026
MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation High
CVE-2025-14279 was published for mlflow (pip) Jan 12, 2026
React Router has CSRF issue in Action/Server Action Request Processing Moderate
CVE-2026-22030 was published for @remix-run/server-runtime (npm) Jan 8, 2026
Oceandust
Credited to Oceandust
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it... Critical Unreviewed
CVE-2025-67825 was published Jan 8, 2026
Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2... High Unreviewed
CVE-2026-20893 was published Jan 7, 2026
Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar... High Unreviewed
CVE-2025-69235 was published Dec 30, 2025
Authentication issue that does not verify the source of a packet which could allow an attacker to... High Unreviewed
CVE-2025-61740 was published Dec 22, 2025
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in... Critical Unreviewed
CVE-2025-63386 was published Dec 18, 2025
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in... Critical Unreviewed
CVE-2025-63388 was published Dec 18, 2025
Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox <... Moderate Unreviewed
CVE-2025-14331 was published Dec 9, 2025
Langflow CORS misconfiguration enables Account Takeover and RCE Critical
CVE-2025-34291 was published for langflow (pip) Dec 6, 2025
augustocesarperin
Credited to augustocesarperin
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3... Moderate Unreviewed
CVE-2025-8074 was published Dec 4, 2025
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information... High Unreviewed
CVE-2025-13947 was published Dec 3, 2025
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin... Moderate Unreviewed
CVE-2025-37734 was published Nov 12, 2025
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80... Moderate Unreviewed
CVE-2025-12905 was published Nov 8, 2025
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The... High Unreviewed
CVE-2024-14006 was published Oct 31, 2025
Liferay Portal fails to verify messages from the cluster network is trusted Moderate
CVE-2025-62250 was published for com.liferay:com.liferay.portal.cluster.multiple (Maven) Oct 21, 2025
Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual... High Unreviewed
CVE-2025-62584 was published Oct 16, 2025
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an... Moderate Unreviewed
CVE-2025-2140 was published Oct 12, 2025
An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks... High Unreviewed
CVE-2025-59957 was published Oct 9, 2025
A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the... Moderate Unreviewed
CVE-2025-42706 was published Oct 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database