GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
638 advisories
Filter by severity
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
High
CVE-2018-0765
was published
for
System.Security.Cryptography.Xml
(NuGet)
Oct 16, 2018
High severity vulnerability that affects System.Management.Automation
High
CVE-2019-1301
was published
for
System.Management.Automation
(NuGet)
Sep 13, 2019
Low severity vulnerability that affects Gw2Sharp
Low
GHSA-4vr3-9v7h-5f8v
was published
for
Gw2Sharp
(NuGet)
Jun 18, 2019
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Moderate
GHSA-3m2r-q8x3-xmf7
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
ASP.NET Core allow an elevation of privilege
High
CVE-2018-0787
was published
for
Microsoft.AspNetCore.HttpOverrides
(NuGet)
Oct 16, 2018
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
Moderate
CVE-2016-7119
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0773
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Moderate
CVE-2020-11005
was published
for
HaemmerElectronics.SeppPenner.WindowsHello
(NuGet)
Apr 14, 2020
Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET
Moderate
CVE-2020-5268
was published
for
Sustainsys.Saml2
(NuGet)
Apr 22, 2020
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
Moderate
CVE-2019-12562
was published
for
DotNetNuke.Core
(NuGet)
Nov 18, 2019
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack
Moderate
CVE-2020-5234
was published
for
MessagePack
(NuGet)
Jan 31, 2020
DSInternals Credential Roaming Elevation of Privilege Vulnerability
Moderate
GHSA-vx2x-9cff-fhjw
was published
for
DSInternals.Common
(NuGet)
Dec 6, 2022
Denial of service in ASP.NET Core
High
CVE-2018-8269
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
ProTip!
Advisories are also available from the
GraphQL API