Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

407 advisories

Loading
TrueLayer.Client SSRF when fetching payment or payment provider High
CVE-2024-23838 was published for TrueLayer.Client (NuGet) Jan 30, 2024
foldedbits
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass High
CVE-2024-0056 was published for Microsoft.Data.SqlClient (NuGet) Jan 9, 2024
cheenamalhotra
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability High
CVE-2024-21643 was published for Microsoft.IdentityModel.Protocols.SignedHttpRequest (NuGet) Jan 9, 2024
rymeskar brentschmaltz
GeoK keegan-caruso jmprieur jennyf19 TimHannMSFT
Duplicate Advisory: Denial of service in CBOR library High
GHSA-hf3r-vmrv-7w29 was published for PeterO.Cbor (NuGet) Jan 3, 2024 withdrawn
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json High
GHSA-8rfx-6mr3-5jh3 was published for Newtonsoft.Json (NuGet) Jan 3, 2024 withdrawn
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability High
CVE-2023-36049 was published for System.Net.Requests (NuGet) Nov 14, 2023
MsQuic Remote Denial of Service Vulnerability High
CVE-2023-36435 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel High
CVE-2023-38171 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
Azure Identity SDK Remote Code Execution Vulnerability High
CVE-2023-36414 was published for Azure.Identity (NuGet) Oct 10, 2023
scottaddie
Vulnerable version of libwebp and can be exploited with a malicious source image High
GHSA-wqcr-xm43-hpqr was published for ImageResizer.Plugins.FreeImage (NuGet) Oct 6, 2023
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding High
GHSA-4c29-gfrp-g6x9 was published for CefSharp.Common (NuGet) Oct 5, 2023
Imageflow affected by libwebp zero-day and should not be used with malicious source images. High
GHSA-7vpr-3ppw-qrpj was published for ImageResizer.Plugins.Imageflow (NuGet) Sep 27, 2023
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation High
CVE-2023-41890 was published for Sustainsys.Saml2 (NuGet) Sep 20, 2023
c53robin
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability High
CVE-2023-36792 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) Sep 12, 2023
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability High
CVE-2023-36794 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) Sep 12, 2023
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability High
CVE-2023-36793 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) Sep 12, 2023
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability High
CVE-2023-36796 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) Sep 12, 2023
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
.NET Information Disclosure Vulnerability High
CVE-2023-35391 was published for Microsoft.AspNetCore.SignalR.Redis (NuGet) Aug 11, 2023
.NET Remote Code Execution Vulnerability High
CVE-2023-35390 was published for Microsoft.NET.Build.Containers (NuGet) Aug 9, 2023
.NET Denial of Service Vulnerability High
CVE-2023-38178 was published for Microsoft.AspNetCore.App.Runtime.win-arm (NuGet) Aug 9, 2023
.NET Denial of Service Vulnerability High
CVE-2023-38180 was published for Microsoft.AspNetCore.App.Runtime.win-arm64 (NuGet) Aug 9, 2023
mkilgore
Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions High
CVE-2023-37267 was published for Umbraco.Cms.Infrastructure (NuGet) Jul 13, 2023
1k-off dmitryMinaev
a-karandashov
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability High
CVE-2023-33127 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Jul 11, 2023
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability High
CVE-2023-33170 was published for Microsoft.AspNet.Identity.Owin (NuGet) Jul 11, 2023
DmitriyLewen gillarramendi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database