Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

609 advisories

Loading
Use After Free in SixLabors.ImageSharp High
CVE-2024-27929 was published for SixLabors.ImageSharp (NuGet) Mar 5, 2024
antonfirsov Luzenna
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability High
CVE-2024-21392 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Mar 12, 2024
r3kumar TAINA-AntonyBingham
Remote Denial of Service Vulnerability in Microsoft QUIC High
GHSA-2x7m-gf85-3745 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Mar 13, 2024
CoreWCF NetFraming based services can leave connections open when they should be closed High
CVE-2024-28252 was published for CoreWCF.NetFramingBase (NuGet) Mar 15, 2024
mirek-kopacka birojnayak
mconnew
Umbraco possible user enumeration Low
CVE-2024-28868 was published for UmbracoCMS (NuGet) Mar 20, 2024
poan21
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM High
GHSA-wq88-fq4x-h2pm was published for PanelSW.Custom.WiX (NuGet) Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM High
GHSA-g4v6-69p6-q3p4 was published for PanelSwWix4.Sdk (NuGet) Mar 25, 2024
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files High
CVE-2024-29188 was published for WixToolset.Util.wixext (NuGet) Mar 25, 2024
WiX based installers are vulnerable to binary hijack when run as SYSTEM High
CVE-2024-29187 was published for WixToolset.Sdk (NuGet) Mar 25, 2024
KNaceri rohitmothe
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements Moderate
CVE-2024-29881 was published for TinyMCE (Composer) Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes Moderate
CVE-2024-29203 was published for TinyMCE (Composer) Mar 26, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability Moderate
CVE-2024-29992 was published for Azure.Identity (NuGet) Apr 9, 2024
scottaddie
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore Moderate
CVE-2024-32028 was published for OpenTelemetry.Instrumentation.AspNetCore (NuGet) Apr 12, 2024
IlyaGrebnov
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value Moderate
CVE-2024-32035 was published for SixLabors.ImageSharp (NuGet) Apr 15, 2024
skanejohan
SixLabors.ImageSharp vulnerable to data leakage Moderate
CVE-2024-32036 was published for SixLabors.ImageSharp (NuGet) Apr 15, 2024
antonfirsov
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service Low
CVE-2024-27086 was published for Microsoft.Identity.Client (NuGet) Apr 16, 2024
localden bgavrilMS
gladjohn pmaytak jmprieur christothes ntc-swiss-team
Blind SSRF Leads to Port Scan by using Webhooks Moderate
CVE-2024-29035 was published for Umbraco.Cms.Core (NuGet) Apr 17, 2024
0xRyuzak1
.NET Elevation of Privilege Vulnerability High
CVE-2024-21409 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Apr 17, 2024
Umbraco Workflow's Backoffice users can execute arbitrary SQL Moderate
CVE-2024-32872 was published for Plumber.Workflow (NuGet) Apr 24, 2024
pjez-qestit
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource NinoFloris
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop Moderate
CVE-2024-30172 was published for BouncyCastle (Maven) May 14, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate
CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability Moderate
CVE-2024-30054 was published for Microsoft.PowerBI.JavaScript (NuGet) May 14, 2024
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Moderate
CVE-2024-30045 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) May 14, 2024
ProTip! Advisories are also available from the GraphQL API