GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
164 advisories
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause...
Moderate, Unreviewed. CVE-2023-29753 was published Jun 9, 2023
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a...
Moderate, Unreviewed. CVE-2023-29751 was published Jun 9, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10...
Moderate, Unreviewed. CVE-2023-2589 was published Jun 7, 2023
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user...
Moderate, Unreviewed. CVE-2023-28164 was published Jun 2, 2023
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the...
Moderate, Unreviewed. CVE-2025-23109 was published Jan 11, 2025
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0...
Moderate, Unreviewed. CVE-2023-46715 was published Jan 14, 2025
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated...
Moderate, Unreviewed. CVE-2023-23561 was published May 30, 2023
A ZigBee coordinator, router, or end device may change their node ID when an unsolicited...
Moderate, Unreviewed. CVE-2024-7322 was published Jan 15, 2025
Gradio's CORS origin validation accepts the null origin
Moderate. CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
Vulnerability in the Oracle Communications Order and Service Management product of Oracle...
Moderate, Unreviewed. CVE-2025-21542 was published Jan 21, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported...
Moderate, Unreviewed. CVE-2025-21497 was published Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:...
Moderate, Unreviewed. CVE-2024-21245 was published Jan 21, 2025
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate. CVE-2023-32993 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
There is a permissions and access control vulnerability in ZXCLOUD IRAI. An attacker can elevate...
Moderate, Unreviewed. CVE-2024-22062 was published Jul 9, 2024
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of...
Moderate, Unreviewed. CVE-2023-28318 was published May 10, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3,...
Moderate, Unreviewed. CVE-2023-27962 was published May 8, 2023
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13...
Moderate, Unreviewed. CVE-2023-27932 was published May 8, 2023
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker...
Moderate, Unreviewed. CVE-2023-29867 was published May 2, 2023
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and...
Moderate, Unreviewed. CVE-2023-2445 was published May 2, 2023
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated...
Moderate, Unreviewed. CVE-2023-29868 was published May 2, 2023
Websites were able to send any requests to the development server and read the response in vite
Moderate. CVE-2025-24010 was published for vite (npm) Jan 21, 2025
esbuild enables any website to send any requests to the development server and read the response
Moderate. GHSA-67mh-4wv8-2f99 was published for esbuild (npm) Feb 10, 2025
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or...
Moderate, Unreviewed. CVE-2025-1102 was published Feb 12, 2025
An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious...
Moderate, Unreviewed. CVE-2025-23117 was published Mar 1, 2025
Inappropriate implementation in Permission prompts in Google Chrome on Windows prior to 109.0...
Moderate, Unreviewed. CVE-2023-0132 was published Jan 10, 2023