GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
154 advisories
Filter by severity
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate
CVE-2023-48219
was published
for
TinyMCE
(Composer)
Nov 15, 2023
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
Ajax Pro Cross-site Scripting
Moderate
CVE-2023-49289
was published
for
AjaxNetProfessional
(NuGet)
Dec 5, 2023
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server
Moderate
CVE-2023-31048
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
May 5, 2023
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
Moderate
CVE-2023-51662
was published
for
Snowflake.Data
(NuGet)
Dec 22, 2023
OWASP.AntiSamy mXSS when preserving comments
Moderate
CVE-2023-51652
was published
for
OWASP.AntiSamy
(NuGet)
Jan 2, 2024
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2024-21911
was published
for
TinyMCE
(Composer)
Jan 6, 2021
Cross-site scripting vulnerability in TinyMCE plugins
Moderate
CVE-2024-21910
was published
for
TinyMCE
(Composer)
Nov 2, 2021
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2024-21908
was published
for
TinyMCE
(Composer)
Oct 22, 2021
Privilege Escalation using Spoofing
Moderate
CVE-2023-49273
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2010-1459
was published
for
mono
(NuGet)
May 2, 2022
MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener
Moderate
CVE-2021-20331
was published
for
mongodb.driver
(NuGet)
May 24, 2022
CuteSoft CuteEditor Path Traversal vulnerability
Moderate
CVE-2009-4665
was published
for
CuteEditor
(NuGet)
May 2, 2022
Apache log4net format string vulnerability causes DoS
Moderate
CVE-2006-0743
was published
for
log4net
(NuGet)
May 1, 2022
Heap buffer overflow in CefSharp
Moderate
CVE-2020-15999
was published
for
CefSharp.Common
(NuGet)
Oct 27, 2020
Cross-site Scripting in Serenity
Moderate
CVE-2024-26318
was published
for
@serenity-is/corelib
(npm)
Feb 19, 2024
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Moderate
CVE-2017-0248
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
FullStackHero's WebAPI Boilerplate host header injection vulnerability
Moderate
CVE-2024-26470
was published
for
FullStackHero.WebAPI.Boilerplate
(NuGet)
Feb 29, 2024
Potential leak of NuGet.org API key
Moderate
CVE-2022-30184
was published
for
NuGet.CommandLine
(NuGet)
Jun 14, 2022
NuGet Package Manager Tampering Vulnerability
Moderate
CVE-2019-0976
was published
for
NuGet.Commands
(NuGet)
May 24, 2022
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Moderate
CVE-2024-29881
was published
for
TinyMCE
(Composer)
Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Moderate
CVE-2024-29203
was published
for
TinyMCE
(Composer)
Mar 26, 2024
.NET Information Disclosure Vulnerability
Moderate
CVE-2022-34716
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 3, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability
Moderate
CVE-2024-29992
was published
for
Azure.Identity
(NuGet)
Apr 9, 2024
Microsoft ASP.NET Core project templates vulnerable to denial of service
Moderate
CVE-2024-21319
was published
for
Microsoft.IdentityModel.JsonWebTokens
(NuGet)
Jan 9, 2024
ProTip!
Advisories are also available from the
GraphQL API