GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
609 advisories
Filter by severity
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
.NET Remote Code Execution Vulnerability
Moderate
CVE-2022-24512
was published
for
Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm
(NuGet)
Oct 18, 2022
DOM-XSS on Backoffice login screen.
Moderate
CVE-2023-48313
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate
CVE-2024-32028
was published
for
OpenTelemetry.Instrumentation.AspNetCore
(NuGet)
Apr 12, 2024
.NET Elevation of Privilege Vulnerability
High
CVE-2024-21409
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Apr 17, 2024
Blind SSRF Leads to Port Scan by using Webhooks
Moderate
CVE-2024-29035
was published
for
Umbraco.Cms.Core
(NuGet)
Apr 17, 2024
SixLabors.ImageSharp vulnerable to data leakage
Moderate
CVE-2024-32036
was published
for
SixLabors.ImageSharp
(NuGet)
Apr 15, 2024
NuGet Client Security Feature Bypass Vulnerability
Critical
CVE-2024-0057
was published
for
NuGet.CommandLine
(NuGet)
Feb 13, 2024
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Moderate
CVE-2024-32035
was published
for
SixLabors.ImageSharp
(NuGet)
Apr 15, 2024
Duplicate Advisory: Microsoft Identity Denial of service vulnerability
Moderate
GHSA-8g9c-28fc-mcx2
was published
for
Microsoft.IdentityModel.JsonWebTokens
(NuGet)
Jan 9, 2024
•
withdrawn
Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
High
GHSA-32q7-gv7f-4cg5
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 13, 2024
•
withdrawn
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
Umbraco possible user enumeration
Low
CVE-2024-28868
was published
for
UmbracoCMS
(NuGet)
Mar 20, 2024
Duplicate Advisory: .NET Information Disclosure Vulnerability
Moderate
GHSA-2m65-m22p-9wjw
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Aug 10, 2022
•
withdrawn
Microsoft ASP.NET Core project templates vulnerable to denial of service
Moderate
CVE-2024-21319
was published
for
Microsoft.IdentityModel.JsonWebTokens
(NuGet)
Jan 9, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability
Moderate
CVE-2024-29992
was published
for
Azure.Identity
(NuGet)
Apr 9, 2024
.NET Information Disclosure Vulnerability
Moderate
CVE-2022-34716
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 3, 2024
WiX based installers are vulnerable to binary hijack when run as SYSTEM
High
CVE-2024-29187
was published
for
WixToolset.Sdk
(NuGet)
Mar 25, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Moderate
CVE-2024-29203
was published
for
TinyMCE
(Composer)
Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Moderate
CVE-2024-29881
was published
for
TinyMCE
(Composer)
Mar 26, 2024
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
High
CVE-2024-29188
was published
for
WixToolset.Util.wixext
(NuGet)
Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
High
GHSA-g4v6-69p6-q3p4
was published
for
PanelSwWix4.Sdk
(NuGet)
Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
High
GHSA-wq88-fq4x-h2pm
was published
for
PanelSW.Custom.WiX
(NuGet)
Mar 25, 2024
NuGet Package Manager Tampering Vulnerability
Moderate
CVE-2019-0976
was published
for
NuGet.Commands
(NuGet)
May 24, 2022
Potential leak of NuGet.org API key
Moderate
CVE-2022-30184
was published
for
NuGet.CommandLine
(NuGet)
Jun 14, 2022
ProTip!
Advisories are also available from the
GraphQL API