GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
407 advisories
Filter by severity
TrueLayer.Client SSRF when fetching payment or payment provider
High
CVE-2024-23838
was published
for
TrueLayer.Client
(NuGet)
Jan 30, 2024
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
High
CVE-2024-0056
was published
for
Microsoft.Data.SqlClient
(NuGet)
Jan 9, 2024
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
High
CVE-2024-21643
was published
for
Microsoft.IdentityModel.Protocols.SignedHttpRequest
(NuGet)
Jan 9, 2024
Duplicate Advisory: Denial of service in CBOR library
High
GHSA-hf3r-vmrv-7w29
was published
for
PeterO.Cbor
(NuGet)
Jan 3, 2024
•
withdrawn
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json
High
GHSA-8rfx-6mr3-5jh3
was published
for
Newtonsoft.Json
(NuGet)
Jan 3, 2024
•
withdrawn
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability
High
CVE-2023-36049
was published
for
System.Net.Requests
(NuGet)
Nov 14, 2023
MsQuic Remote Denial of Service Vulnerability
High
CVE-2023-36435
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Oct 10, 2023
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
High
CVE-2023-38171
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Oct 10, 2023
Azure Identity SDK Remote Code Execution Vulnerability
High
CVE-2023-36414
was published
for
Azure.Identity
(NuGet)
Oct 10, 2023
Vulnerable version of libwebp and can be exploited with a malicious source image
High
GHSA-wqcr-xm43-hpqr
was published
for
ImageResizer.Plugins.FreeImage
(NuGet)
Oct 6, 2023
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
High
GHSA-4c29-gfrp-g6x9
was published
for
CefSharp.Common
(NuGet)
Oct 5, 2023
Imageflow affected by libwebp zero-day and should not be used with malicious source images.
High
GHSA-7vpr-3ppw-qrpj
was published
for
ImageResizer.Plugins.Imageflow
(NuGet)
Sep 27, 2023
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
High
CVE-2023-41890
was published
for
Sustainsys.Saml2
(NuGet)
Sep 20, 2023
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability
High
CVE-2023-36792
was published
for
Microsoft.NETCore.App.Runtime.win-arm64
(NuGet)
Sep 12, 2023
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability
High
CVE-2023-36794
was published
for
Microsoft.NETCore.App.Runtime.win-arm64
(NuGet)
Sep 12, 2023
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability
High
CVE-2023-36793
was published
for
Microsoft.NETCore.App.Runtime.win-arm64
(NuGet)
Sep 12, 2023
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability
High
CVE-2023-36796
was published
for
Microsoft.NETCore.App.Runtime.win-arm64
(NuGet)
Sep 12, 2023
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
.NET Information Disclosure Vulnerability
High
CVE-2023-35391
was published
for
Microsoft.AspNetCore.SignalR.Redis
(NuGet)
Aug 11, 2023
.NET Remote Code Execution Vulnerability
High
CVE-2023-35390
was published
for
Microsoft.NET.Build.Containers
(NuGet)
Aug 9, 2023
.NET Denial of Service Vulnerability
High
CVE-2023-38178
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm
(NuGet)
Aug 9, 2023
.NET Denial of Service Vulnerability
High
CVE-2023-38180
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm64
(NuGet)
Aug 9, 2023
Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
High
CVE-2023-37267
was published
for
Umbraco.Cms.Infrastructure
(NuGet)
Jul 13, 2023
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability
High
CVE-2023-33127
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Jul 11, 2023
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
High
CVE-2023-33170
was published
for
Microsoft.AspNet.Identity.Owin
(NuGet)
Jul 11, 2023
ProTip!
Advisories are also available from the
GraphQL API