GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

609 advisories

Brute force exploit can be used to collect valid usernames Low
CVE-2023-49278 was published for Umbraco.CMS (NuGet) Dec 13, 2023
Possible injection of HTML into user invite mails Low
CVE-2023-38694 was published for Umbraco.CMS (NuGet) Dec 13, 2023
ASP.NET Core Denial of Service Vulnerability High
CVE-2020-1597 was published for Microsoft.AspNetCore.All (NuGet) May 24, 2022
Cookie parsing failure High
CVE-2020-1045 was published for Microsoft.AspNetCore.App (NuGet) May 24, 2022
GeorgeHady skofman1
Tratcher
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
.NET Core Remote Code Execution Vulnerability Critical
CVE-2021-26701 was published for System.Text.Encodings.Web (NuGet) Apr 21, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
Cross-site scripting vulnerability in TinyMCE plugins Moderate
CVE-2024-21910 was published for TinyMCE (Composer) Nov 2, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21911 was published for TinyMCE (Composer) Jan 6, 2021
emilwareus
Denial of service in CBOR library High
CVE-2024-21909 was published for PeterO.Cbor (NuGet) Jan 21, 2022
Duplicate Advisory: Denial of service in CBOR library High
GHSA-hf3r-vmrv-7w29 was published for PeterO.Cbor (NuGet) Jan 3, 2024 withdrawn
Improper Handling of Exceptional Conditions in Newtonsoft.Json High
CVE-2024-21907 was published for Newtonsoft.Json (NuGet) Jun 22, 2022
ezsilmar JamesNK
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json High
GHSA-8rfx-6mr3-5jh3 was published for Newtonsoft.Json (NuGet) Jan 3, 2024 withdrawn
OWASP.AntiSamy mXSS when preserving comments Moderate
CVE-2023-51652 was published for OWASP.AntiSamy (NuGet) Jan 2, 2024
leeN spassarop
.NET Denial of Service Vulnerability High
CVE-2022-29145 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Aug 30, 2022
.NET Denial of Service Vulnerability High
CVE-2022-29117 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Aug 30, 2022
binki akunzai
leecow Tratcher skofman1
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL) Moderate
CVE-2023-51662 was published for Snowflake.Data (NuGet) Dec 22, 2023
TimoVink
.NET Denial of Service Vulnerability High
CVE-2022-23267 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Oct 21, 2022
.NET Denial of Service Vulnerability High
CVE-2022-38013 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Sep 15, 2022
Stored XSS via SVG File Upload Low
CVE-2023-49279 was published for Umbraco.CMS (NuGet) Dec 13, 2023
S3ntago
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server Moderate
CVE-2023-31048 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) May 5, 2023
Stale copy of the public suffix list Low
GHSA-w4x6-hh3x-wjrx was published for Gsemac.Net (NuGet) Dec 11, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent Low
CVE-2021-22143 was published for Elastic.Apm (NuGet) Nov 22, 2023
MarkLee131
Ajax Pro Cross-site Scripting Moderate
CVE-2023-49289 was published for AjaxNetProfessional (NuGet) Dec 5, 2023
Path Traversal: 'dir/../../filename' in moment.locale High
CVE-2022-24785 was published for Moment.js (npm) Apr 4, 2022
ProTip! Advisories are also available from the GraphQL API