Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

40 advisories

Loading
Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate Unreviewed
CVE-2026-45489 was published Jul 3, 2026
Uhudsavasindankacanokcu2 Credited to Uhudsavasindankacanokcu2 and DavidCarliez DavidCarliez DavidCarliez
Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) Moderate
CVE-2026-45670 was published for @nuxt/rspack-builder (npm) May 19, 2026
sapphi-red Credited to sapphi-red
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins Moderate
CVE-2026-6402 was published for webpack-dev-server (npm) May 18, 2026
sapphi-red Credited to sapphi-red, UlisesGascon, bjohansebas, and alexander-akait UlisesGascon UlisesGascon
bjohansebas bjohansebas alexander-akait alexander-akait
view_component: Preview Route Can Dispatch Inherited Helper Methods Moderate
CVE-2026-44836 was published for view_component (RubyGems) May 8, 2026
cyberlanc3r Credited to cyberlanc3r
Memory corruption while processing IOCTL command when device is in power-save state. Moderate Unreviewed
CVE-2026-25266 was published May 4, 2026
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red Credited to sapphi-red
H2O Vulnerable to Execution of Arbitrary Files Moderate
CVE-2024-6863 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code Moderate
CVE-2025-24361 was published for @nuxt/rspack-builder (npm) Jan 27, 2025
sapphi-red Credited to sapphi-red
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55945 was published for typo3/cms-lowlevel (Composer) Jan 14, 2025
shm0sby Credited to shm0sby and rosegabe rosegabe rosegabe
TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55923 was published for typo3/cms-indexed-search (Composer) Jan 14, 2025
TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55922 was published for typo3/cms-form (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Dashboard Module Moderate
CVE-2024-55920 was published for typo3/cms-dashboard (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Backend User Module Moderate
CVE-2024-55894 was published for typo3/cms-beuser (Composer) Jan 14, 2025
zly123987 Credited to zly123987, shm0sby, and rosegabe shm0sby shm0sby
rosegabe rosegabe
TYPO3 Cross-Site Request Forgery in Log Module Moderate
CVE-2024-55893 was published for typo3/cms-belog (Composer) Jan 14, 2025
zly123987 Credited to zly123987, shm0sby, and rosegabe shm0sby shm0sby
rosegabe rosegabe
ProTip! Advisories are also available from the GraphQL API