GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,503
Composer 5,140
Erlang 40
GitHub Actions 38
Go 2,844
Maven 6,212
npm 4,470
NuGet 779
pip 4,231
Pub 12
RubyGems 974
Rust 1,093
Swift 48

Unreviewed advisories

All unreviewed 286,264

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

359 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows... High Unreviewed

CVE-2022-50925 was published Jan 14, 2026

MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation High

CVE-2025-14279 was published for mlflow (pip) Jan 12, 2026

React Router has CSRF issue in Action/Server Action Request Processing Moderate

CVE-2026-22030 was published for @remix-run/server-runtime (npm) Jan 8, 2026

Credited to Oceandust

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it... Critical Unreviewed

CVE-2025-67825 was published Jan 8, 2026

Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2... High Unreviewed

CVE-2026-20893 was published Jan 7, 2026

Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar... High Unreviewed

CVE-2025-69235 was published Dec 30, 2025

Authentication issue that does not verify the source of a packet which could allow an attacker to... High Unreviewed

CVE-2025-61740 was published Dec 22, 2025

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in... Critical Unreviewed

CVE-2025-63388 was published Dec 18, 2025

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in... Critical Unreviewed

CVE-2025-63386 was published Dec 18, 2025

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox <... Moderate Unreviewed

CVE-2025-14331 was published Dec 9, 2025

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account... Critical Unreviewed

CVE-2025-34291 was published Dec 6, 2025

Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3... Moderate Unreviewed

CVE-2025-8074 was published Dec 4, 2025

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information... High Unreviewed

CVE-2025-13947 was published Dec 3, 2025

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin... Moderate Unreviewed

CVE-2025-37734 was published Nov 12, 2025

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80... Moderate Unreviewed

CVE-2025-12905 was published Nov 8, 2025

Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The... High Unreviewed

CVE-2024-14006 was published Oct 31, 2025

Liferay Portal fails to verify messages from the cluster network is trusted Moderate

CVE-2025-62250 was published for com.liferay:com.liferay.portal.cluster.multiple (Maven) Oct 21, 2025

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual... High Unreviewed

CVE-2025-62584 was published Oct 16, 2025

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an... Moderate Unreviewed

CVE-2025-2140 was published Oct 12, 2025

An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks... High Unreviewed

CVE-2025-59957 was published Oct 9, 2025

A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the... Moderate Unreviewed

CVE-2025-42706 was published Oct 8, 2025

SillyTavern Web Interface Vulnerable DNS Rebinding Critical

CVE-2025-59159 was published for sillytavern (npm) Oct 6, 2025

Credited to Atom1cByte

A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability... Moderate Unreviewed

CVE-2025-11304 was published Oct 5, 2025

Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass High

CVE-2025-59845 was published for @apollo/explorer (npm) Sep 26, 2025

Credited to ekzyis

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point ... Moderate Unreviewed

CVE-2025-20364 was published Sep 24, 2025

Previous1…15 Next

Previous 1 2 3 4 5 … 14 15 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

359 advisories