GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 29,407
Composer 5,654
Erlang 49
GitHub Actions 50
Go 3,601
Maven 6,432
npm 5,897
NuGet 924
pip 4,829
Pub 13
RubyGems 1,045
Rust 1,256
Swift 53

Unreviewed advisories

All unreviewed 299,310

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

41 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote... Moderate Unreviewed

CVE-2026-5302 was published Apr 8, 2026

When the internal webserver is enabled (default is disabled), an attacker might be able to trick... Low Unreviewed

CVE-2026-0397 was published Mar 31, 2026

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS... Low Unreviewed

CVE-2025-55274 was published Mar 26, 2026

A permissive web security configuration may allow cross-origin restrictions enforced by modern... Low Unreviewed

CVE-2025-9292 was published Feb 13, 2026

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js... Moderate Unreviewed

CVE-2025-13984 was published Jan 28, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an... High Unreviewed

CVE-2026-24435 was published Jan 26, 2026

A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker... Moderate Unreviewed

CVE-2025-55462 was published Jan 13, 2026

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145... High Unreviewed

CVE-2025-13019 was published Nov 11, 2025

Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox... High Unreviewed

CVE-2025-13017 was published Nov 11, 2025

The issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1,... High Unreviewed

CVE-2025-43480 was published Nov 4, 2025

The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1,... Moderate Unreviewed

CVE-2025-43392 was published Nov 4, 2025

IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains... Moderate Unreviewed

CVE-2023-37401 was published Oct 9, 2025

Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin... Moderate Unreviewed

CVE-2025-41010 was published Oct 2, 2025

This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird... Moderate Unreviewed

CVE-2025-10529 was published Sep 16, 2025

IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could... Moderate Unreviewed

CVE-2025-27909 was published Aug 18, 2025

An unauthenticated remote attacker can take advantage of the current overly permissive CORS... High Unreviewed

CVE-2025-25264 was published Jun 16, 2025

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross... Moderate Unreviewed

CVE-2025-41363 was published Jun 6, 2025

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross... Moderate Unreviewed

CVE-2025-41366 was published Jun 6, 2025

Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious... High Unreviewed

CVE-2025-25234 was published Apr 17, 2025

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources... Low Unreviewed

CVE-2025-2865 was published Mar 28, 2025

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin... Moderate Unreviewed

CVE-2024-22348 was published Jan 20, 2025

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a... Moderate Unreviewed

CVE-2024-45642 was published Nov 14, 2024

In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6 Moderate Unreviewed

CVE-2024-10315 was published Nov 11, 2024

HyperView Geoportal Toolkit in versions though 8.2.4 does not restrict cross-domain requests when... Moderate Unreviewed

CVE-2024-6449 was published Aug 28, 2024

Under certain circumstances the ExacqVision Web Services does not provide sufficient protection... Moderate Unreviewed

CVE-2024-32862 was published Aug 2, 2024

Previous12 Next

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

41 advisories