GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
172 advisories
Filter by severity
orchardcore is vulnerable to Cross-site Scripting
Moderate
CVE-2022-0159
was published
for
OrchardCore
(NuGet)
Jan 21, 2022
.NET Core Information Disclosure Vulnerability
Moderate
CVE-2021-34485
was published
for
Microsoft.NETCore.App
(NuGet)
Oct 20, 2022
Cross-site Scripting in PiranhaCMS
Moderate
CVE-2021-25977
was published
for
Piranha
(NuGet)
Oct 27, 2021
Credential Disclosure in System.DirectoryServices.Protocols
Moderate
CVE-2021-41355
was published
for
System.DirectoryServices.Protocols
(NuGet)
Oct 12, 2021
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard
Moderate
CVE-2020-8867
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Aug 2, 2021
Unrestricted Upload of File with Dangerous Type in Umbraco CMS
Moderate
CVE-2020-9472
was published
for
UmbracoCms
(NuGet)
Aug 2, 2021
Incorrect permission enforcement in UmbracoCms
Moderate
CVE-2020-29454
was published
for
UmbracoCms
(NuGet)
Apr 13, 2021
Authenticated path traversal in Umbraco CMS
Moderate
CVE-2020-5811
was published
for
UmbracoCms
(NuGet)
Apr 13, 2021
Signature validation bypass in ServiceStack
Moderate
CVE-2020-28042
was published
for
ServiceStack
(NuGet)
Jan 13, 2021
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
Moderate
CVE-2017-0256
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Cross-site scripting in CLEditor
Moderate
CVE-2019-1010113
was published
for
CLEditor
(NuGet)
Jul 26, 2019
Remote code execution vulnerability in dependency System.Drawing.Common
Moderate
GHSA-gpv5-rp6w-58r8
was published
for
Akka
(NuGet)
Nov 22, 2022
Elevation of privilege in ASP.NET Core
Moderate
CVE-2019-1302
was published
for
Microsoft.AspNetCore.SpaServices
(NuGet)
May 24, 2022
.NET Information Disclosure Vulnerability
Moderate
CVE-2022-41064
was published
for
Microsoft.Data.SqlClient
(NuGet)
Nov 8, 2022
ASP.NET Core Information Disclosure Vulnerability
Moderate
CVE-2021-34532
was published
for
Microsoft.AspNetCore.Authentication.JwtBearer
(NuGet)
Aug 25, 2021
Exposure of Sensitive Information in OPCFoundation.NetStandard.Opc.Ua.Server
Moderate
CVE-2022-33916
was published
for
OPCFoundation.NetStandard.Opc.Ua.Server
(NuGet)
Aug 24, 2022
Denial of service in .NET core
Moderate
CVE-2021-1721
was published
for
Microsoft.NETCore.App
(NuGet)
May 24, 2022
Denial of service in ASP.NET Core
Moderate
CVE-2020-0602
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 24, 2022
Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core
Moderate
CVE-2020-29457
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Nov 19, 2021
Improper Certificate Validation in Microsoft .NET Framework components
Moderate
CVE-2018-8356
was published
for
System.Private.ServiceModel
(NuGet)
May 14, 2022
Cross-site scripting vulnerability in TinyMCE alerts
Moderate
CVE-2022-23494
was published
for
TinyMCE
(Composer)
Dec 8, 2022
DNN vulnerable to Relative Path Traversal
Moderate
CVE-2022-2922
was published
for
DotNetNuke.Core
(NuGet)
Oct 1, 2022
OrchardCore vulnerable to HTML injection
Moderate
CVE-2022-32173
was published
for
OrchardCore
(NuGet)
Oct 4, 2022
Weak private key generation in SSH.NET
Moderate
CVE-2022-29245
was published
for
SSH.NET
(NuGet)
Jun 1, 2022
ProTip!
Advisories are also available from the
GraphQL API