GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
High | CVE-2025-66416 was published for mcp (pip) Dec 2, 2025

Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
High | CVE-2025-66414 was published for @modelcontextprotocol/sdk (npm) Dec 2, 2025

Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying...
Moderate | Unreviewed | CVE-2025-61430 was published Oct 24, 2025

Coder AgentAPI exposed user chat history via a DNS rebinding attack
Moderate | CVE-2025-59956 was published for github.com/coder/agentapi (Go) Sep 29, 2025

vet MCP Server SSE Transport DNS Rebinding Vulnerability
Low | CVE-2025-59163 was published for github.com/safedep/vet (Go) Sep 29, 2025

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing...
High | Unreviewed | CVE-2025-8036 was published Jul 22, 2025

Websites were able to send any requests to the development server and read the response in vite
Moderate | CVE-2025-24010 was published for vite (npm) Jan 21, 2025

MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
High | CVE-2024-24759 was published for mindsdb (pip) Sep 5, 2024

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction...
Moderate | Unreviewed | CVE-2022-22364 was published May 3, 2024

Ollama DNS rebinding vulnerability
High | CVE-2024-28224 was published for github.com/ollama/ollama (Go) Apr 8, 2024

SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722...
High | Unreviewed | CVE-2023-52235 was published Apr 5, 2024

Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low | CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not...
High | Unreviewed | CVE-2021-34561 was published May 24, 2022

RubyGems vulnerable to DNS hijack attack
High | CVE-2015-3900 was published for rubygems-update (RubyGems) May 14, 2022

RubyGems has Origin Validation Error vulnerability
High | CVE-2017-0902 was published for rubygems-update (RubyGems) May 13, 2022

Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Moderate | CVE-2020-11091 was published for github.com/weaveworks/weave (Go) May 27, 2021