GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
156 advisories
Filter by severity
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate
CVE-2024-32028
was published
for
OpenTelemetry.Instrumentation.AspNetCore
(NuGet)
Apr 12, 2024
Blind SSRF Leads to Port Scan by using Webhooks
Moderate
CVE-2024-29035
was published
for
Umbraco.Cms.Core
(NuGet)
Apr 17, 2024
SixLabors.ImageSharp vulnerable to data leakage
Moderate
CVE-2024-32036
was published
for
SixLabors.ImageSharp
(NuGet)
Apr 15, 2024
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Moderate
CVE-2024-32035
was published
for
SixLabors.ImageSharp
(NuGet)
Apr 15, 2024
Duplicate Advisory: Microsoft Identity Denial of service vulnerability
Moderate
GHSA-8g9c-28fc-mcx2
was published
for
Microsoft.IdentityModel.JsonWebTokens
(NuGet)
Jan 9, 2024
•
withdrawn
Duplicate Advisory: .NET Information Disclosure Vulnerability
Moderate
GHSA-2m65-m22p-9wjw
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Aug 10, 2022
•
withdrawn
Microsoft ASP.NET Core project templates vulnerable to denial of service
Moderate
CVE-2024-21319
was published
for
Microsoft.IdentityModel.JsonWebTokens
(NuGet)
Jan 9, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability
Moderate
CVE-2024-29992
was published
for
Azure.Identity
(NuGet)
Apr 9, 2024
.NET Information Disclosure Vulnerability
Moderate
CVE-2022-34716
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 3, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Moderate
CVE-2024-29203
was published
for
TinyMCE
(Composer)
Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Moderate
CVE-2024-29881
was published
for
TinyMCE
(Composer)
Mar 26, 2024
NuGet Package Manager Tampering Vulnerability
Moderate
CVE-2019-0976
was published
for
NuGet.Commands
(NuGet)
May 24, 2022
Potential leak of NuGet.org API key
Moderate
CVE-2022-30184
was published
for
NuGet.CommandLine
(NuGet)
Jun 14, 2022
FullStackHero's WebAPI Boilerplate host header injection vulnerability
Moderate
CVE-2024-26470
was published
for
FullStackHero.WebAPI.Boilerplate
(NuGet)
Feb 29, 2024
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Moderate
CVE-2017-0248
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Cross-site Scripting in Serenity
Moderate
CVE-2024-26318
was published
for
@serenity-is/corelib
(npm)
Feb 19, 2024
Heap buffer overflow in CefSharp
Moderate
CVE-2020-15999
was published
for
CefSharp.Common
(NuGet)
Oct 27, 2020
Apache log4net format string vulnerability causes DoS
Moderate
CVE-2006-0743
was published
for
log4net
(NuGet)
May 1, 2022
CuteSoft CuteEditor Path Traversal vulnerability
Moderate
CVE-2009-4665
was published
for
CuteEditor
(NuGet)
May 2, 2022
MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener
Moderate
CVE-2021-20331
was published
for
mongodb.driver
(NuGet)
May 24, 2022
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2010-1459
was published
for
mono
(NuGet)
May 2, 2022
Privilege Escalation using Spoofing
Moderate
CVE-2023-49273
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2024-21908
was published
for
TinyMCE
(Composer)
Oct 22, 2021
Cross-site scripting vulnerability in TinyMCE plugins
Moderate
CVE-2024-21910
was published
for
TinyMCE
(Composer)
Nov 2, 2021
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2024-21911
was published
for
TinyMCE
(Composer)
Jan 6, 2021
ProTip!
Advisories are also available from the
GraphQL API