Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

313 advisories

Loading
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated... Moderate Unreviewed
CVE-2023-23561 was published May 30, 2023
A ZigBee coordinator, router, or end device may change their node ID when an unsolicited... Moderate Unreviewed
CVE-2024-7322 was published Jan 15, 2025
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradios's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Vulnerability in the Oracle Communications Order and Service Management product of Oracle... Moderate Unreviewed
CVE-2025-21542 was published Jan 21, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported... Moderate Unreviewed
CVE-2025-21497 was published Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:... Moderate Unreviewed
CVE-2024-21245 was published Jan 21, 2025
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation Moderate
CVE-2023-32993 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... High Unreviewed
CVE-2025-21511 was published Jan 21, 2025
There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate... Moderate Unreviewed
CVE-2024-22062 was published Jul 9, 2024
Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier... High Unreviewed
CVE-2023-23578 was published May 10, 2023
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of... Moderate Unreviewed
CVE-2023-28318 was published May 10, 2023
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining... Low Unreviewed
CVE-2024-57965 was published Jan 29, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3,... Moderate Unreviewed
CVE-2023-27962 was published May 8, 2023
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13... Moderate Unreviewed
CVE-2023-27932 was published May 8, 2023
This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS... High Unreviewed
CVE-2023-27944 was published May 8, 2023
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker... Moderate Unreviewed
CVE-2023-29867 was published May 2, 2023
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and... Moderate Unreviewed
CVE-2023-2445 was published May 2, 2023
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated... Moderate Unreviewed
CVE-2023-29868 was published May 2, 2023
A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0.... Low Unreviewed
CVE-2025-1083 was published Feb 7, 2025
Websites were able to send any requests to the development server and read the response in vite Moderate
CVE-2025-24010 was published for vite (npm) Jan 21, 2025
ivantsepp
esbuild enables any website to send any requests to the development server and read the response Moderate
GHSA-67mh-4wv8-2f99 was published for esbuild (npm) Feb 10, 2025
sapphi-red
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or... Moderate Unreviewed
CVE-2025-1102 was published Feb 12, 2025
An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious... Moderate Unreviewed
CVE-2025-23117 was published Mar 1, 2025
Rembg CORS misconfiguration High
CVE-2025-25302 was published for rembg (pip) Mar 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database