GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
609 advisories
Filter by severity
.NET Remote Code Execution Vulnerability
High
CVE-2023-24897
was published
for
Microsoft.NetCore.App.Runtime.win-arm
(NuGet)
Jun 14, 2023
.NET Remote Code Execution Vulnerability
High
CVE-2023-21808
was published
for
Microsoft.NetCore.App.Runtime.win-arm
(NuGet)
Feb 14, 2023
NuGet Client Remote Code Execution Vulnerability
High
CVE-2023-29337
was published
for
Microsoft.Build.NuGetSdkResolver
(NuGet)
Jun 14, 2023
.NET Remote Code Execution Vulnerability
High
CVE-2023-33128
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jun 14, 2023
.NET Denial of Service vulnerability
High
CVE-2023-29331
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jun 14, 2023
Vulnerability in Azure Active Directory Authentication Library
High
CVE-2019-1258
was published
for
microsoft.identitymodel.clients.activedirectory
(NuGet)
Aug 16, 2019
Out-of-bounds write in ChakraCore
High
CVE-2019-1196
was published
for
Microsoft.ChakraCore
(NuGet)
Mar 29, 2021
Out-of-bounds write in Microsoft.ChakraCore
High
CVE-2019-1141
was published
for
Microsoft.ChakraCore
(NuGet)
Mar 29, 2021
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Critical
GHSA-jw42-5m4v-9c8g
was published
for
NuGet.CommandLine
(NuGet)
Jan 9, 2024
•
withdrawn
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
High
CVE-2024-0056
was published
for
Microsoft.Data.SqlClient
(NuGet)
Jan 9, 2024
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate
CVE-2022-30187
was published
for
Azure.Storage.Blobs
(Maven)
Jul 13, 2022
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Moderate
CVE-2024-35218
was published
for
UmbracoCms.Core
(NuGet)
May 21, 2024
Umbraco CMS Open Redirect Bypass Protection
Moderate
CVE-2024-34071
was published
for
Umbraco.Cms.Web.BackOffice
(NuGet)
May 21, 2024
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
jQuery
(RubyGems)
Apr 29, 2020
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
Moderate
CVE-2024-30046
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
May 14, 2024
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability
Moderate
CVE-2024-30045
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
May 14, 2024
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
Moderate
CVE-2024-30054
was published
for
Microsoft.PowerBI.JavaScript
(NuGet)
May 14, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
Uncontrolled Resource Consumption in OPC UA .NET Standard Reference Server
High
CVE-2023-27321
was published
for
OPCFoundation.NetStandard.Opc.Ua.Server
(NuGet)
May 5, 2023
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Moderate
CVE-2024-32872
was published
for
Plumber.Workflow
(NuGet)
Apr 24, 2024
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Low
CVE-2024-27086
was published
for
Microsoft.Identity.Client
(NuGet)
Apr 16, 2024
ProTip!
Advisories are also available from the
GraphQL API