GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a...
Moderate
Unreviewed
CVE-2024-45642
was published
Nov 14, 2024
In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6
Moderate
Unreviewed
CVE-2024-10315
was published
Nov 11, 2024
HyperView Geoportal Toolkit in versions though 8.2.4 does not restrict cross-domain requests when...
Moderate
Unreviewed
CVE-2024-6449
was published
Aug 28, 2024
memos CORS Misconfiguration in server.go (GHSL-2024-034)
High
CVE-2024-41659
was published
for
github.com/usememos/memos
(Go)
Aug 22, 2024
Casdoor CORS misconfiguration (GHSL-2024-035)
High
CVE-2024-41657
was published
for
github.com/casdoor/casdoor
(Go)
Aug 22, 2024
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection...
Moderate
Unreviewed
CVE-2024-32862
was published
Aug 2, 2024
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy ...
High
Unreviewed
CVE-2024-37131
was published
Jun 13, 2024
HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability....
Moderate
Unreviewed
CVE-2023-37526
was published
May 14, 2024
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code...
High
Unreviewed
CVE-2023-38125
was published
May 3, 2024
Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code...
High
Unreviewed
CVE-2023-38122
was published
May 3, 2024
vantage6's CORS settings overly permissive
Moderate
CVE-2024-23823
was published
for
vantage6
(pip)
Mar 15, 2024
A potential attacker with access to the Westermo Lynx device would be able to execute...
Moderate
Unreviewed
CVE-2023-45213
was published
Feb 7, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an...
Moderate
Unreviewed
CVE-2023-50940
was published
Feb 2, 2024
Microsoft Edge for Android Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-21382
was published
Jan 26, 2024
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All...
High
Unreviewed
CVE-2023-46281
was published
Dec 12, 2023
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 ...
Moderate
Unreviewed
CVE-2023-25603
was published
Nov 14, 2023
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the...
High
Unreviewed
CVE-2023-46098
was published
Nov 14, 2023
Sensitive information disclosure due to CORS misconfiguration. The following products are...
Low
Unreviewed
CVE-2023-2360
was published
Apr 28, 2023
A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could...
High
Unreviewed
CVE-2022-22808
was published
Feb 11, 2022
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
ProTip!
Advisories are also available from the
GraphQL API