GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
609 advisories
Filter by severity
Vulnerability in Azure Active Directory Authentication Library
High
CVE-2019-1258
was published
for
microsoft.identitymodel.clients.activedirectory
(NuGet)
Aug 16, 2019
Uncontrolled Resource Consumption in MetadataExtractor
High
CVE-2019-14262
was published
for
MetadataExtractor
(NuGet)
Aug 23, 2019
Directory Traversal in SharpCompress
Moderate
CVE-2018-1002206
was published
for
sharpcompress
(NuGet)
Sep 11, 2019
High severity vulnerability that affects System.Management.Automation
High
CVE-2019-1301
was published
for
System.Management.Automation
(NuGet)
Sep 13, 2019
High severity vulnerability that affects PeterO.Cbor
High
GHSA-cxw4-9qv9-vx5h
was published
for
PeterO.Cbor
(NuGet)
Sep 30, 2019
Improper Authentication in Auth0.AuthenticationApi
High
CVE-2019-16929
was published
for
Auth0.AuthenticationApi
(NuGet)
Oct 24, 2019
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
Moderate
CVE-2019-12562
was published
for
DotNetNuke.Core
(NuGet)
Nov 18, 2019
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack
Moderate
CVE-2020-5234
was published
for
MessagePack
(NuGet)
Jan 31, 2020
Missing Token Replay Detection in Saml2 Authentication services for ASP.NET
High
CVE-2020-5261
was published
for
Sustainsys.Saml2
(NuGet)
Mar 25, 2020
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Moderate
CVE-2020-11005
was published
for
HaemmerElectronics.SeppPenner.WindowsHello
(NuGet)
Apr 14, 2020
Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET
Moderate
CVE-2020-5268
was published
for
Sustainsys.Saml2
(NuGet)
Apr 22, 2020
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
jQuery
(RubyGems)
Apr 29, 2020
Cross-Site Scripting in jquery
Moderate
CVE-2020-7656
was published
for
jQuery
(RubyGems)
May 20, 2020
Insecure defaults in UmbracoForms
High
CVE-2020-7685
was published
for
UmbracoForms
(NuGet)
Jul 29, 2020
Cross-Site Scripting in jquery
Moderate
CVE-2012-6708
was published
for
jQuery
(RubyGems)
Sep 1, 2020
personnummer/csharp vulnerable to Improper Input Validation
Low
GHSA-qv8q-v995-72gr
was published
for
personnummer
(NuGet)
Sep 9, 2020
Heap buffer overflow in CefSharp
Moderate
CVE-2020-15999
was published
for
CefSharp.Common
(NuGet)
Oct 27, 2020
Inappropriate implementation in V8 in CefSharp
High
CVE-2020-16013
was published
for
CefSharp.Common
(NuGet)
Nov 27, 2020
Use after free in CefSharp
High
CVE-2020-16017
was published
for
CefSharp.Common
(NuGet)
Nov 27, 2020
Inappropriate implementation in V8
High
CVE-2020-16009
was published
for
CefSharp.Common
(NuGet)
Dec 2, 2020
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2024-21911
was published
for
TinyMCE
(Composer)
Jan 6, 2021
Regular Expression Denial of Service in jquery-validation
High
CVE-2021-21252
was published
for
jQuery.Validation
(npm)
Jan 13, 2021
ProTip!
Advisories are also available from the
GraphQL API