GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23 advisories

DNS Rebinding in etcd Moderate
CVE-2018-1099 was published for go.etcd.io/etcd (Go) Feb 15, 2022
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements Moderate
CVE-2020-11091 was published for github.com/weaveworks/weave (Go) May 27, 2021
RubyGems has Origin Validation Error vulnerability High
CVE-2017-0902 was published for rubygems-update (RubyGems) May 13, 2022
RubyGems vulnerable to DNS hijack attack High
CVE-2015-3900 was published for rubygems-update (RubyGems) May 14, 2022
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
Credited to W0rty, numacanedo, tomakehurst, Mahoney, and oleg-nenashev
Windows DNS Spoofing Vulnerability Moderate Unreviewed
CVE-2023-32020 was published Jun 14, 2023
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding High
CVE-2024-24759 was published for mindsdb (pip) Sep 5, 2024
Credited to Sim4n6
Websites were able to send any requests to the development server and read the response in vite Moderate
CVE-2025-24010 was published for vite (npm) Jan 21, 2025
Credited to ivantsepp
Ollama DNS rebinding vulnerability High
CVE-2024-28224 was published for github.com/ollama/ollama (Go) Apr 8, 2024
vet MCP Server SSE Transport DNS Rebinding Vulnerability Low
CVE-2025-59163 was published for github.com/safedep/vet (Go) Sep 29, 2025
Credited to eharris128
Coder AgentAPI exposed user chat history via a DNS rebinding attack Moderate
CVE-2025-59956 was published for github.com/coder/agentapi (Go) Sep 29, 2025
Credited to eharris128
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default High
CVE-2025-66414 was published for @modelcontextprotocol/sdk (npm) Dec 2, 2025
Credited to JLLeitschuh
Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation High
CVE-2026-33002 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 18, 2026
OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration High
GHSA-q9w8-cf67-r238 was published for openclaw (npm) Apr 3, 2026
Credited to nexrin and KeenSecurityLab
OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding Moderate
GHSA-xq94-r468-qwgj was published for openclaw (npm) Apr 17, 2026
Credited to dhyabi2