GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
353 advisories
Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar...
Severity: Unknown | Unreviewed | CVE-2025-69235 was published Dec 30, 2025

Authentication issue that does not verify the source of a packet which could allow an attacker to...
Severity: High | Unreviewed | CVE-2025-61740 was published Dec 22, 2025

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Severity: Critical | Unreviewed | CVE-2025-63388 was published Dec 18, 2025

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Severity: Critical | Unreviewed | CVE-2025-63386 was published Dec 18, 2025

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox <...
Severity: Moderate | Unreviewed | CVE-2025-14331 was published Dec 9, 2025

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account...
Severity: Critical | Unreviewed | CVE-2025-34291 was published Dec 6, 2025

Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3...
Severity: Moderate | Unreviewed | CVE-2025-8074 was published Dec 4, 2025

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin...
Severity: Moderate | Unreviewed | CVE-2025-37734 was published Nov 12, 2025

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80...
Severity: Moderate | Unreviewed | CVE-2025-12905 was published Nov 8, 2025

Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The...
Severity: High | Unreviewed | CVE-2024-14006 was published Oct 31, 2025

Liferay Portal fails to verify messages from the cluster network is trusted
Severity: Moderate | CVE-2025-62250 was published for com.liferay:com.liferay.portal.cluster.multiple (Maven) Oct 21, 2025

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual...
Severity: High | Unreviewed | CVE-2025-62584 was published Oct 16, 2025

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an...
Severity: Moderate | Unreviewed | CVE-2025-2140 was published Oct 12, 2025

An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks...
Severity: High | Unreviewed | CVE-2025-59957 was published Oct 9, 2025

A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the...
Severity: Moderate | Unreviewed | CVE-2025-42706 was published Oct 8, 2025

SillyTavern Web Interface Vulnerable DNS Rebinding
Severity: Critical | CVE-2025-59159 was published for sillytavern (npm) Oct 6, 2025

A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability...
Severity: Moderate | Unreviewed | CVE-2025-11304 was published Oct 5, 2025

Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Severity: High | CVE-2025-59845 was published for @apollo/explorer (npm) Sep 26, 2025

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point ...
Severity: Moderate | Unreviewed | CVE-2025-20364 was published Sep 24, 2025

Parcel has an Origin Validation Error vulnerability
Severity: Moderate | CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025

Neo4j Cypher MCP server is vulnerable to DNS rebinding
Severity: High | CVE-2025-10193 was published for mcp-neo4j-cypher (pip) Sep 11, 2025

pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
Severity: High | CVE-2025-9636 was published for pgadmin4 (pip) Sep 5, 2025

Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing. This issue...
Severity: High | Unreviewed | CVE-2024-13068 was published Sep 3, 2025

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client...
Severity: High | Unreviewed | CVE-2025-51605 was published Aug 22, 2025

elysia-cors Origin Validation Error
Severity: Moderate | CVE-2025-50864 was published for @elysiajs/cors (npm) Aug 20, 2025

ProTip! Advisories are also available from the GraphQL API.