GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross...
High
Unreviewed
CVE-2026-55110
was published
Jul 2, 2026
Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)
High
CVE-2026-46608
was published
for
glances
(pip)
Jun 22, 2026
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI...
High
Unreviewed
CVE-2026-56076
was published
Jun 19, 2026
hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard
High
CVE-2026-54290
was published
for
hono
(npm)
Jun 16, 2026
The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test...
High
Unreviewed
CVE-2026-50088
was published
Jun 12, 2026
The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing...
High
Unreviewed
CVE-2026-50087
was published
Jun 12, 2026
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when...
High
Unreviewed
CVE-2026-10056
was published
May 29, 2026
@yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildcard CORS, exposing all 86 GitLab tools
High
CVE-2026-44895
was published
for
@yoda.digital/gitlab-mcp-server
(npm)
May 9, 2026
engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
High
GHSA-2r2p-4cgf-hv7h
was published
for
engramx
(npm)
Apr 22, 2026
Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
High
CVE-2026-34839
was published
for
Glances
(pip)
Apr 21, 2026
WWBN AVideo has CORS Origin Reflection with Credentials on Sensitive API Endpoints Enables Cross-Origin Account Takeover
High
CVE-2026-41056
was published
for
wwbn/avideo
(Composer)
Apr 14, 2026
PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint
High
GHSA-x462-jjpc-q4q4
was published
for
praisonaiagents
(pip)
Apr 10, 2026
Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
High
CVE-2026-33533
was published
for
Glances
(pip)
Mar 30, 2026
AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
High
CVE-2026-33043
was published
for
wwbn/avideo
(Composer)
Mar 17, 2026
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
High
CVE-2026-32610
was published
for
Glances
(pip)
Mar 16, 2026
mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
High
CVE-2026-33010
was published
for
mcp-memory-service
(pip)
Mar 7, 2026
Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins
High
CVE-2026-25478
was published
for
litestar
(pip)
Feb 9, 2026
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an...
High
Unreviewed
CVE-2026-24435
was published
Jan 26, 2026
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
High
CVE-2026-22812
was published
for
opencode-ai
(npm)
Jan 13, 2026
Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145...
High
Unreviewed
CVE-2025-13019
was published
Nov 11, 2025
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox...
High
Unreviewed
CVE-2025-13017
was published
Nov 11, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1,...
High
Unreviewed
CVE-2025-43480
was published
Nov 4, 2025
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
High
CVE-2025-53092
was published
for
@strapi/core
(npm)
Oct 16, 2025
@musistudio/claude-code-router has improper CORS configuration
High
CVE-2025-57755
was published
for
@musistudio/claude-code-router
(npm)
Aug 21, 2025
An unauthenticated remote attacker can take advantage of the current overly permissive CORS...
High
Unreviewed
CVE-2025-25264
was published
Jun 16, 2025
ProTip!
Advisories are also available from the
GraphQL API