GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
609 advisories
Filter by severity
OPC UA applications can allow a remote attacker to determine a Server's private key
Moderate
CVE-2018-7559
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Moderate
CVE-2017-0248
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Improper Certificate Validation in Microsoft .NET Framework components
High
CVE-2018-0786
was published
for
Microsoft.NETCore.UniversalWindowsPlatform
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Moderate
GHSA-3m2r-q8x3-xmf7
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core
Moderate
GHSA-cgpw-2gph-2r9g
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0771
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0773
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2019-0746
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0769
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0611
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0592
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0609
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0639
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Critical severity vulnerability that affects Auth0-WCF-Service-JWT
Critical
CVE-2019-7644
was published
for
Auth0-WCF-Service-JWT
(NuGet)
Apr 18, 2019
Duplicate Advisory: Prototype Pollution in jquery
Moderate
CVE-2019-5428
was published
for
jquery
(RubyGems)
Apr 23, 2019
•
withdrawn
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Low severity vulnerability that affects Gw2Sharp
Low
GHSA-4vr3-9v7h-5f8v
was published
for
Gw2Sharp
(NuGet)
Jun 18, 2019
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-18325
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Insufficient Entropy in DotNetNuke
High
CVE-2018-18326
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Insufficient Entropy in DotNetNuke
High
CVE-2018-15812
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-15811
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation
Critical
CVE-2019-9845
was published
for
MadsKristensen.AspNetCore.Miniblog
(NuGet)
Jul 5, 2019
System.Management.Automation subject to bypass via script debugging
Moderate
CVE-2019-1167
was published
for
System.Management.Automation
(NuGet)
Jul 17, 2019
Cross-site scripting in CLEditor
Moderate
CVE-2019-1010113
was published
for
CLEditor
(NuGet)
Jul 26, 2019
ProTip!
Advisories are also available from the
GraphQL API