GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected...
Critical
Unreviewed
CVE-2014-125071
was published
Jan 9, 2023
code-server vulnerable to Missing Origin Validation in WebSockets
Critical
CVE-2023-26114
was published
for
code-server
(npm)
Mar 23, 2023
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via...
Moderate
Unreviewed
CVE-2023-2886
was published
May 25, 2023
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site...
Critical
Unreviewed
CVE-2023-0957
was published
Jul 6, 2023
Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate
CVE-2023-2850
was published
for
nodebb
(npm)
Jul 25, 2023
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This...
High
Unreviewed
CVE-2023-2848
was published
Sep 14, 2023
CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The...
Moderate
Unreviewed
CVE-2023-32264
was published
Mar 8, 2024
A flaw was found in the ansible automation platform. An insecure WebSocket connection was being...
High
Unreviewed
CVE-2024-1657
was published
Apr 25, 2024
Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious...
Critical
Unreviewed
CVE-2024-23168
was published
Aug 15, 2024
Websites were able to send any requests to the development server and read the response in vite
Moderate
CVE-2025-24010
was published
for
vite
(npm)
Jan 21, 2025
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not...
High
Unreviewed
CVE-2024-48849
was published
Jan 29, 2025
Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Critical
CVE-2025-24964
was published
for
vitest
(npm)
Feb 4, 2025
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component...
Moderate
Unreviewed
CVE-2024-8201
was published
May 16, 2025
Information exposure in Next.js dev server due to lack of origin verification
Low
CVE-2025-48068
was published
for
next
(npm)
May 28, 2025
Claude Code Improper Authorization via websocket connections from arbitrary origins
High
CVE-2025-52882
was published
for
@anthropic-ai/claude-code
(npm)
Jun 23, 2025
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking...
Moderate
Unreviewed
CVE-2025-36116
was published
Jul 23, 2025
Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability
Moderate
CVE-2024-51775
was published
for
org.apache.zeppelin:zeppelin-shell
(Maven)
Aug 3, 2025
Komari vulnerable to Cross-site WebSocket Hijacking
High
GHSA-q355-h244-969h
was published
for
github.com/komari-monitor/komari
(Go)
Aug 12, 2025
Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API
High
CVE-2025-54289
was published
for
github.com/canonical/lxd
(Go)
Oct 2, 2025
GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and...
Moderate
Unreviewed
CVE-2025-61987
was published
Dec 12, 2025
Bokeh server applications have Incomplete Origin Validation in WebSockets
Moderate
CVE-2026-21883
was published
for
bokeh
(pip)
Jan 6, 2026
Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails
Moderate
CVE-2026-22689
was published
for
github.com/axllent/mailpit
(Go)
Jan 13, 2026
@farmfe/core is Missing Origin Validation in WebSocket
Moderate
CVE-2025-56647
was published
for
@farmfe/core
(npm)
Feb 12, 2026
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services...
Moderate
Unreviewed
CVE-2026-1692
was published
Feb 26, 2026
Storybook Dev Server is Vulnerable to WebSocket Hijacking
High
CVE-2026-27148
was published
for
storybook
(npm)
Feb 26, 2026
ProTip!
Advisories are also available from the
GraphQL API