Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore Moderate
CVE-2024-32028 was published for OpenTelemetry.Instrumentation.AspNetCore (NuGet) Apr 12, 2024
IlyaGrebnov
Blind SSRF Leads to Port Scan by using Webhooks Moderate
CVE-2024-29035 was published for Umbraco.Cms.Core (NuGet) Apr 17, 2024
0xRyuzak1
SixLabors.ImageSharp vulnerable to data leakage Moderate
CVE-2024-32036 was published for SixLabors.ImageSharp (NuGet) Apr 15, 2024
antonfirsov
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value Moderate
CVE-2024-32035 was published for SixLabors.ImageSharp (NuGet) Apr 15, 2024
skanejohan
Duplicate Advisory: Microsoft Identity Denial of service vulnerability Moderate
GHSA-8g9c-28fc-mcx2 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024 withdrawn
morganbr brentschmaltz
GeoK keegan-caruso jennyf19 jmprieur
Duplicate Advisory: .NET Information Disclosure Vulnerability Moderate
GHSA-2m65-m22p-9wjw was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Aug 10, 2022 withdrawn
Microsoft ASP.NET Core project templates vulnerable to denial of service Moderate
CVE-2024-21319 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024
aried3r
Azure Identity Library for .NET Information Disclosure Vulnerability Moderate
CVE-2024-29992 was published for Azure.Identity (NuGet) Apr 9, 2024
scottaddie
.NET Information Disclosure Vulnerability Moderate
CVE-2022-34716 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 3, 2024
noymaor
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes Moderate
CVE-2024-29203 was published for TinyMCE (Composer) Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements Moderate
CVE-2024-29881 was published for TinyMCE (Composer) Mar 26, 2024
NuGet Package Manager Tampering Vulnerability Moderate
CVE-2019-0976 was published for NuGet.Commands (NuGet) May 24, 2022
JarLob
Potential leak of NuGet.org API key Moderate
CVE-2022-30184 was published for NuGet.CommandLine (NuGet) Jun 14, 2022
JarLob
FullStackHero's WebAPI Boilerplate host header injection vulnerability Moderate
CVE-2024-26470 was published for FullStackHero.WebAPI.Boilerplate (NuGet) Feb 29, 2024
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core Moderate
CVE-2017-0248 was published for Microsoft.AspNetCore.Mvc (NuGet) Oct 16, 2018
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
Heap buffer overflow in CefSharp Moderate
CVE-2020-15999 was published for CefSharp.Common (NuGet) Oct 27, 2020
Apache log4net format string vulnerability causes DoS Moderate
CVE-2006-0743 was published for log4net (NuGet) May 1, 2022
CuteSoft CuteEditor Path Traversal vulnerability Moderate
CVE-2009-4665 was published for CuteEditor (NuGet) May 2, 2022
MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener Moderate
CVE-2021-20331 was published for mongodb.driver (NuGet) May 24, 2022
AlmogApiiro
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2010-1459 was published for mono (NuGet) May 2, 2022
Privilege Escalation using Spoofing Moderate
CVE-2023-49273 was published for Umbraco.CMS (NuGet) Dec 13, 2023
jerpenol
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
Cross-site scripting vulnerability in TinyMCE plugins Moderate
CVE-2024-21910 was published for TinyMCE (Composer) Nov 2, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21911 was published for TinyMCE (Composer) Jan 6, 2021
emilwareus
ProTip! Advisories are also available from the GraphQL API