GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
609 advisories
Filter by severity
Cross-site scripting vulnerability in TinyMCE plugins
Moderate
CVE-2024-21910
was published
for
TinyMCE
(Composer)
Nov 2, 2021
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2024-21908
was published
for
TinyMCE
(Composer)
Oct 22, 2021
.NET Core Remote Code Execution Vulnerability
Critical
CVE-2021-26701
was published
for
System.Text.Encodings.Web
(NuGet)
Apr 21, 2021
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
Cookie parsing failure
High
CVE-2020-1045
was published
for
Microsoft.AspNetCore.App
(NuGet)
May 24, 2022
ASP.NET Core Denial of Service Vulnerability
High
CVE-2020-1597
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 24, 2022
Possible injection of HTML into user invite mails
Low
CVE-2023-38694
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Brute force exploit can be used to collect valid usernames
Low
CVE-2023-49278
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Low
CVE-2023-49089
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Backoffice User can bypass "Publish" restriction
Low
CVE-2023-48227
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Low
CVE-2023-49274
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Privilege Escalation using Spoofing
Moderate
CVE-2023-49273
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2010-1459
was published
for
mono
(NuGet)
May 2, 2022
MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener
Moderate
CVE-2021-20331
was published
for
mongodb.driver
(NuGet)
May 24, 2022
TrueLayer.Client SSRF when fetching payment or payment provider
High
CVE-2024-23838
was published
for
TrueLayer.Client
(NuGet)
Jan 30, 2024
PowerShell is subject to remote code execution vulnerability
High
GHSA-jcmq-5rrv-j2g4
was published
for
PowerShell
(NuGet)
Feb 2, 2024
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
High
CVE-2024-21643
was published
for
Microsoft.IdentityModel.Protocols.SignedHttpRequest
(NuGet)
Jan 9, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-259p-rvjx-ffwg
was published
for
PanelSW.Custom.WiX
(NuGet)
Feb 8, 2024
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-8v28-3g86-chj5
was published
for
PanelSwWix4.Sdk
(NuGet)
Feb 8, 2024
CuteSoft CuteEditor Path Traversal vulnerability
Moderate
CVE-2009-4665
was published
for
CuteEditor
(NuGet)
May 2, 2022
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
CVE-2024-24810
was published
for
wix
(NuGet)
Feb 8, 2024
Apache log4net format string vulnerability causes DoS
Moderate
CVE-2006-0743
was published
for
log4net
(NuGet)
May 1, 2022
Heap buffer overflow in CefSharp
Moderate
CVE-2020-15999
was published
for
CefSharp.Common
(NuGet)
Oct 27, 2020
Cross-site Scripting in Serenity
Moderate
CVE-2024-26318
was published
for
@serenity-is/corelib
(npm)
Feb 19, 2024
ProTip!
Advisories are also available from the
GraphQL API