Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

638 advisories

Loading
Umbraco Forms components vulnerable to Stored Cross-site Scripting Low
CVE-2024-35239 was published for Umbraco.Forms (NuGet) May 28, 2024
RaphaelCSSilva
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1195 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1131 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1140 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1139 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel High
CVE-2023-38171 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability High
CVE-2023-36049 was published for System.Net.Requests (NuGet) Nov 14, 2023
Microsoft Common Data Model SDK Denial of Service Vulnerability Moderate
CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) Oct 10, 2023
degant
Azure Identity SDK Remote Code Execution Vulnerability High
CVE-2023-36414 was published for Azure.Identity (NuGet) Oct 10, 2023
scottaddie
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability High
CVE-2023-33170 was published for Microsoft.AspNet.Identity.Owin (NuGet) Jul 11, 2023
DmitriyLewen gillarramendi
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Moderate
CVE-2023-36799 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Sep 12, 2023
.NET Remote Code Execution Vulnerability High
CVE-2023-35390 was published for Microsoft.NET.Build.Containers (NuGet) Aug 9, 2023
MsQuic Remote Denial of Service Vulnerability High
CVE-2023-36435 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
.NET Denial of Service Vulnerability High
CVE-2023-38178 was published for Microsoft.AspNetCore.App.Runtime.win-arm (NuGet) Aug 9, 2023
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability High
CVE-2023-33127 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Jul 11, 2023
YARP Denial of Service Vulnerability High
CVE-2023-33141 was published for Yarp.ReverseProxy (NuGet) Jun 23, 2023
.NET Remote Code Execution Vulnerability High
CVE-2023-24897 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) Jun 14, 2023
.NET Remote Code Execution Vulnerability High
CVE-2023-21808 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) Feb 14, 2023
NuGet Client Remote Code Execution Vulnerability High
CVE-2023-29337 was published for Microsoft.Build.NuGetSdkResolver (NuGet) Jun 14, 2023
Vulnerability in Azure Active Directory Authentication Library High
CVE-2019-1258 was published for microsoft.identitymodel.clients.activedirectory (NuGet) Aug 16, 2019
Out-of-bounds write in ChakraCore High
CVE-2019-1196 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write High
CVE-2019-1197 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1141 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability Critical
GHSA-jw42-5m4v-9c8g was published for NuGet.CommandLine (NuGet) Jan 9, 2024 withdrawn
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass High
CVE-2024-0056 was published for Microsoft.Data.SqlClient (NuGet) Jan 9, 2024
cheenamalhotra
ProTip! Advisories are also available from the GraphQL API