GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
154 advisories
Filter by severity
Path Traversal in SharpZipLib
Moderate
CVE-2021-32842
was published
for
SharpZipLib
(NuGet)
Feb 1, 2022
Prototype Pollution in jquery.cookie
Moderate
CVE-2022-23395
was published
for
jquery.cookie
(NuGet)
Mar 3, 2022
Code injection in RazorEngine
Moderate
CVE-2021-46703
was published
for
RazorEngine
(NuGet)
Mar 7, 2022
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
Moderate
GHSA-3w9w-9833-gcpv
was published
for
directxtex_desktop_2019
(NuGet)
Jan 26, 2023
Directory Traversal in SharpCompress
Moderate
CVE-2018-1002206
was published
for
sharpcompress
(NuGet)
Sep 11, 2019
Timing based private key exposure in Bouncy Castle
Moderate
CVE-2020-15522
was published
for
BouncyCastle
(Maven)
Aug 13, 2021
Server side request forgery in SwaggerUI
Moderate
GHSA-qrmm-w75w-3wpx
was published
for
Swashbuckle.AspNetCore.SwaggerUI
(npm)
Dec 9, 2021
Cross-Site Scripting in jquery
Moderate
CVE-2012-6708
was published
for
jQuery
(RubyGems)
Sep 1, 2020
Umbraco CMS vulnerable to CSRF
Moderate
CVE-2020-7210
was published
for
UmbracoCMS.Core
(NuGet)
May 24, 2022
GleamTech FileUltimate Cross-site Scripting
Moderate
CVE-2020-15015
was published
for
GleamTech.FileUltimate
(NuGet)
May 24, 2022
Umbraco CMS vulnerable to stored XSS
Moderate
CVE-2018-17256
was published
for
umbraco
(NuGet)
May 14, 2022
Azure SDK for .NET Information Disclosure Vulnerability.
Moderate
CVE-2022-26907
was published
for
Microsoft.Rest.ClientRuntime
(NuGet)
Apr 16, 2022
DNN File Upload Vulnerability
Moderate
CVE-2020-5188
was published
for
DotNetNuke.Core
(NuGet)
May 24, 2022
Umbraco CMS vulnerable to stored XSS
Moderate
CVE-2020-5809
was published
for
UmbracoCms.Core
(NuGet)
May 24, 2022
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
Moderate
CVE-2013-4649
was published
for
DotNetNuke.Core
(NuGet)
May 17, 2022
DotNetNuke (DNN) Open redirect vulnerability
Moderate
CVE-2013-7335
was published
for
DotNetNuke.Core
(NuGet)
May 17, 2022
DotNetNuke Vulnerable to XSS in Pass-Through Values
Moderate
CVE-2007-0660
was published
for
DotNetNuke.Core
(NuGet)
May 1, 2022
DotNetNuke Default Machine Key Exposure
Moderate
CVE-2008-6540
was published
for
DotNetNuke.Core
(NuGet)
May 14, 2022
Duplicate Advisory: Prototype Pollution in jquery
Moderate
CVE-2019-5428
was published
for
jquery
(RubyGems)
Apr 23, 2019
•
withdrawn
Cross-Site Scripting (XSS) in jquery
Moderate
CVE-2015-9251
was published
for
jQuery
(RubyGems)
Jan 22, 2018
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Moderate
CVE-2016-7103
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
XSS in `*Text` options of the Datepicker widget in jquery-ui
Moderate
CVE-2021-41183
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 26, 2021
jQuery vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2011-4969
was published
for
jQuery
(RubyGems)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API