GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
638 advisories
Filter by severity
Umbraco possible user enumeration
Low
CVE-2024-28868
was published
for
UmbracoCMS
(NuGet)
Mar 20, 2024
Duplicate Advisory: .NET Information Disclosure Vulnerability
Moderate
GHSA-2m65-m22p-9wjw
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Aug 10, 2022
•
withdrawn
Microsoft ASP.NET Core project templates vulnerable to denial of service
Moderate
CVE-2024-21319
was published
for
Microsoft.IdentityModel.JsonWebTokens
(NuGet)
Jan 9, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability
Moderate
CVE-2024-29992
was published
for
Azure.Identity
(NuGet)
Apr 9, 2024
.NET Information Disclosure Vulnerability
Moderate
CVE-2022-34716
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 3, 2024
WiX based installers are vulnerable to binary hijack when run as SYSTEM
High
CVE-2024-29187
was published
for
WixToolset.Sdk
(NuGet)
Mar 25, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Moderate
CVE-2024-29203
was published
for
TinyMCE
(Composer)
Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Moderate
CVE-2024-29881
was published
for
TinyMCE
(Composer)
Mar 26, 2024
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
High
CVE-2024-29188
was published
for
WixToolset.Util.wixext
(NuGet)
Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
High
GHSA-g4v6-69p6-q3p4
was published
for
PanelSwWix4.Sdk
(NuGet)
Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
High
GHSA-wq88-fq4x-h2pm
was published
for
PanelSW.Custom.WiX
(NuGet)
Mar 25, 2024
NuGet Package Manager Tampering Vulnerability
Moderate
CVE-2019-0976
was published
for
NuGet.Commands
(NuGet)
May 24, 2022
Potential leak of NuGet.org API key
Moderate
CVE-2022-30184
was published
for
NuGet.CommandLine
(NuGet)
Jun 14, 2022
NuGet Elevation of Privilege Vulnerability
High
CVE-2022-41032
was published
for
NuGet.CommandLine
(NuGet)
Oct 11, 2022
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Critical
CVE-2024-21386
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 13, 2024
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
High
CVE-2024-21392
was published
for
Microsoft.NETCore.App.Runtime.linux-arm
(NuGet)
Mar 12, 2024
CoreWCF NetFraming based services can leave connections open when they should be closed
High
CVE-2024-28252
was published
for
CoreWCF.NetFramingBase
(NuGet)
Mar 15, 2024
Remote Denial of Service Vulnerability in Microsoft QUIC
High
GHSA-2x7m-gf85-3745
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Mar 13, 2024
Use After Free in SixLabors.ImageSharp
High
CVE-2024-27929
was published
for
SixLabors.ImageSharp
(NuGet)
Mar 5, 2024
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Moderate
CVE-2017-0248
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Cross-site Scripting in Serenity
Moderate
CVE-2024-26318
was published
for
@serenity-is/corelib
(npm)
Feb 19, 2024
Heap buffer overflow in CefSharp
Moderate
CVE-2020-15999
was published
for
CefSharp.Common
(NuGet)
Oct 27, 2020
Apache log4net format string vulnerability causes DoS
Moderate
CVE-2006-0743
was published
for
log4net
(NuGet)
May 1, 2022
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
CVE-2024-24810
was published
for
wix
(NuGet)
Feb 8, 2024
ProTip!
Advisories are also available from the
GraphQL API