GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
154 advisories
Filter by severity
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
Moderate
GHSA-3w9w-9833-gcpv
was published
for
directxtex_desktop_2019
(NuGet)
Jan 26, 2023
Code injection in RazorEngine
Moderate
CVE-2021-46703
was published
for
RazorEngine
(NuGet)
Mar 7, 2022
Prototype Pollution in jquery.cookie
Moderate
CVE-2022-23395
was published
for
jquery.cookie
(NuGet)
Mar 3, 2022
Path Traversal in SharpZipLib
Moderate
CVE-2021-32842
was published
for
SharpZipLib
(NuGet)
Feb 1, 2022
Path Traversal in SharpZipLib
Moderate
CVE-2021-32841
was published
for
SharpZipLib
(NuGet)
Feb 1, 2022
Cross-site Scripting OrchardCore.Application.Cms.Targets
Moderate
CVE-2022-0274
was published
for
OrchardCore.Application.Cms.Targets
(NuGet)
Jan 21, 2022
orchardcore is vulnerable to Cross-site Scripting
Moderate
CVE-2022-0159
was published
for
OrchardCore
(NuGet)
Jan 21, 2022
.NET Core Information Disclosure Vulnerability
Moderate
CVE-2021-34485
was published
for
Microsoft.NETCore.App
(NuGet)
Oct 20, 2022
Cross-site Scripting in PiranhaCMS
Moderate
CVE-2021-25977
was published
for
Piranha
(NuGet)
Oct 27, 2021
Credential Disclosure in System.DirectoryServices.Protocols
Moderate
CVE-2021-41355
was published
for
System.DirectoryServices.Protocols
(NuGet)
Oct 12, 2021
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard
Moderate
CVE-2020-8867
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Aug 2, 2021
Unrestricted Upload of File with Dangerous Type in Umbraco CMS
Moderate
CVE-2020-9472
was published
for
UmbracoCms
(NuGet)
Aug 2, 2021
Incorrect permission enforcement in UmbracoCms
Moderate
CVE-2020-29454
was published
for
UmbracoCms
(NuGet)
Apr 13, 2021
Authenticated path traversal in Umbraco CMS
Moderate
CVE-2020-5811
was published
for
UmbracoCms
(NuGet)
Apr 13, 2021
Signature validation bypass in ServiceStack
Moderate
CVE-2020-28042
was published
for
ServiceStack
(NuGet)
Jan 13, 2021
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
Moderate
CVE-2017-0256
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Cross-site scripting in CLEditor
Moderate
CVE-2019-1010113
was published
for
CLEditor
(NuGet)
Jul 26, 2019
Remote code execution vulnerability in dependency System.Drawing.Common
Moderate
GHSA-gpv5-rp6w-58r8
was published
for
Akka
(NuGet)
Nov 22, 2022
Elevation of privilege in ASP.NET Core
Moderate
CVE-2019-1302
was published
for
Microsoft.AspNetCore.SpaServices
(NuGet)
May 24, 2022
.NET Information Disclosure Vulnerability
Moderate
CVE-2022-41064
was published
for
Microsoft.Data.SqlClient
(NuGet)
Nov 8, 2022
ASP.NET Core Information Disclosure Vulnerability
Moderate
CVE-2021-34532
was published
for
Microsoft.AspNetCore.Authentication.JwtBearer
(NuGet)
Aug 25, 2021
Exposure of Sensitive Information in OPCFoundation.NetStandard.Opc.Ua.Server
Moderate
CVE-2022-33916
was published
for
OPCFoundation.NetStandard.Opc.Ua.Server
(NuGet)
Aug 24, 2022
Denial of service in .NET core
Moderate
CVE-2021-1721
was published
for
Microsoft.NETCore.App
(NuGet)
May 24, 2022
Integer overflow in the bundled Brotli C library
Moderate
CVE-2020-8927
was published
for
Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm
(NuGet)
May 24, 2022
Denial of service in ASP.NET Core
Moderate
CVE-2020-0602
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API