GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)
Moderate
CVE-2026-49993
was published
for
@nuxt/rspack-builder
(npm)
Jun 16, 2026
Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Moderate
CVE-2026-45670
was published
for
@nuxt/rspack-builder
(npm)
May 19, 2026
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Moderate
CVE-2026-6402
was published
for
webpack-dev-server
(npm)
May 18, 2026
view_component: Preview Route Can Dispatch Inherited Helper Methods
Moderate
CVE-2026-44836
was published
for
view_component
(RubyGems)
May 8, 2026
webpack-dev-server users' source code may be stolen when they access a malicious web site
Moderate
CVE-2025-30359
was published
for
webpack-dev-server
(npm)
Jun 4, 2025
H2O Vulnerable to Execution of Arbitrary Files
Moderate
CVE-2024-6863
was published
for
ai.h2o:h2o-core
(Maven)
Mar 20, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Moderate
CVE-2025-24361
was published
for
@nuxt/rspack-builder
(npm)
Jan 27, 2025
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-55945
was published
for
typo3/cms-lowlevel
(Composer)
Jan 14, 2025
TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-55923
was published
for
typo3/cms-indexed-search
(Composer)
Jan 14, 2025
TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-55922
was published
for
typo3/cms-form
(Composer)
Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Dashboard Module
Moderate
CVE-2024-55920
was published
for
typo3/cms-dashboard
(Composer)
Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Backend User Module
Moderate
CVE-2024-55894
was published
for
typo3/cms-beuser
(Composer)
Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Log Module
Moderate
CVE-2024-55893
was published
for
typo3/cms-belog
(Composer)
Jan 14, 2025
Orchid Platform has Method Exposure Vulnerability in Modals
Moderate
CVE-2024-51992
was published
for
orchid/platform
(Composer)
Nov 12, 2024
Default installation of `synthetic-monitoring-agent` exposes sensitive information
Moderate
CVE-2022-46156
was published
for
github.com/grafana/synthetic-monitoring-agent
(Go)
Sep 6, 2024
xwiki contains Exposed Dangerous Method or Function
Moderate
CVE-2023-26478
was published
for
org.xwiki.platform:xwiki-platform-store-filesystem-oldcore
(Maven)
Mar 3, 2023
ProTip!
Advisories are also available from the
GraphQL API