GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories

Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability
Moderate | CVE-2024-51775 was published for org.apache.zeppelin:zeppelin-shell (Maven) Aug 3, 2025

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking...
Moderate | Unreviewed | CVE-2025-36116 was published Jul 23, 2025

Claude Code Improper Authorization via websocket connections from arbitrary origins
High | CVE-2025-52882 was published for @anthropic-ai/claude-code (npm) Jun 23, 2025

Information exposure in Next.js dev server due to lack of origin verification
Low | CVE-2025-48068 was published for next (npm) May 28, 2025

Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component...
Moderate | Unreviewed | CVE-2024-8201 was published May 16, 2025

Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Critical | CVE-2025-24964 was published for vitest (npm) Feb 4, 2025

Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not...
High | Unreviewed | CVE-2024-48849 was published Jan 29, 2025

Websites were able to send any requests to the development server and read the response in vite
Moderate | CVE-2025-24010 was published for vite (npm) Jan 21, 2025

Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious...
Critical | Unreviewed | CVE-2024-23168 was published Aug 15, 2024

A flaw was found in the ansible automation platform. An insecure WebSocket connection was being...
High | Unreviewed | CVE-2024-1657 was published Apr 25, 2024

CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The...
Moderate | Unreviewed | CVE-2023-32264 was published Mar 8, 2024

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This...
High | Unreviewed | CVE-2023-2848 was published Sep 14, 2023

Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate | CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site...
Critical | Unreviewed | CVE-2023-0957 was published Jul 6, 2023

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via...
Moderate | Unreviewed | CVE-2023-2886 was published May 25, 2023

code-server vulnerable to Missing Origin Validation in WebSockets
Critical | CVE-2023-26114 was published for code-server (npm) Mar 23, 2023

A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected...
Critical | Unreviewed | CVE-2014-125071 was published Jan 9, 2023