GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
High
CVE-2020-11050
was published
for
org.java-websocket:Java-WebSocket
(Maven)
May 8, 2020
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
High
CVE-2023-30614
was published
for
pay
(RubyGems)
Apr 20, 2023
Decidim vulnerable to sensitive data disclosure
High
CVE-2023-34090
was published
for
decidim
(RubyGems)
Jul 11, 2023
CometVisu Backend for openHAB affected by SSRF/XSS
High
CVE-2024-42467
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
High
CVE-2024-46977
was published
for
openc3
(RubyGems)
Oct 2, 2024
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
High
CVE-2025-25293
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
High
CVE-2026-24769
was published
for
nocodb
(npm)
Jan 28, 2026
Unauthenticated Spree Commerce users can view completed guest orders by Order ID
High
CVE-2026-25757
was published
for
spree_storefront
(RubyGems)
Feb 5, 2026
Unauthenticated Spree Commerce users can access all guest addresses
High
CVE-2026-25758
was published
for
spree_api
(RubyGems)
Feb 5, 2026
Sylius affected by IDOR in Cart and Checkout LiveComponents
High
CVE-2026-31820
was published
for
sylius/sylius
(Composer)
Mar 11, 2026
Quarkus has Authentication/Authorization bypasses
High
CVE-2026-39852
was published
for
io.quarkus:quarkus-vertx-http
(Maven)
May 4, 2026
ProTip!
Advisories are also available from the
GraphQL API