GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
29 advisories
engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
High | GHSA-2r2p-4cgf-hv7h was published for engramx (npm) | Apr 22, 2026

Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
High | CVE-2026-34839 was published for Glances (pip) | Apr 21, 2026

WWBN AVideo has CORS Origin Reflection with Credentials on Sensitive API Endpoints Enables Cross-Origin Account Takeover
High | CVE-2026-41056 was published for wwbn/avideo (Composer) | Apr 14, 2026

PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint
High | GHSA-x462-jjpc-q4q4 was published for praisonaiagents (pip) | Apr 10, 2026

Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
High | CVE-2026-33533 was published for Glances (pip) | Mar 30, 2026

AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
High | CVE-2026-33043 was published for wwbn/avideo (Composer) | Mar 17, 2026

Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
High | CVE-2026-32610 was published for Glances (pip) | Mar 16, 2026

mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
High | CVE-2026-33010 was published for mcp-memory-service (pip) | Mar 7, 2026

Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins
High | CVE-2026-25478 was published for litestar (pip) | Feb 9, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an...
High | Unreviewed | CVE-2026-24435 was published | Jan 26, 2026

OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
High | CVE-2026-22812 was published for opencode-ai (npm) | Jan 13, 2026

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145...
High | Unreviewed | CVE-2025-13019 was published | Nov 11, 2025

Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox...
High | Unreviewed | CVE-2025-13017 was published | Nov 11, 2025

The issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1,...
High | Unreviewed | CVE-2025-43480 was published | Nov 4, 2025

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
High | CVE-2025-53092 was published for @strapi/core (npm) | Oct 16, 2025

@musistudio/claude-code-router has improper CORS configuration
High | CVE-2025-57755 was published for @musistudio/claude-code-router (npm) | Aug 21, 2025

An unauthenticated remote attacker can take advantage of the current overly permissive CORS...
High | Unreviewed | CVE-2025-25264 was published | Jun 16, 2025

Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious...
High | Unreviewed | CVE-2025-25234 was published | Apr 17, 2025

memos CORS Misconfiguration in server.go (GHSL-2024-034)
High | CVE-2024-41659 was published for github.com/usememos/memos (Go) | Aug 22, 2024

Casdoor CORS misconfiguration (GHSL-2024-035)
High | CVE-2024-41657 was published for github.com/casdoor/casdoor (Go) | Aug 22, 2024

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy ...
High | Unreviewed | CVE-2024-37131 was published | Jun 13, 2024

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code...
High | Unreviewed | CVE-2023-38122 was published | May 3, 2024

Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code...
High | Unreviewed | CVE-2023-38125 was published | May 3, 2024

A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All...
High | Unreviewed | CVE-2023-46281 was published | Dec 12, 2023

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the...
High | Unreviewed | CVE-2023-46098 was published | Nov 14, 2023