GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
154 advisories
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server
Moderate | CVE-2023-31048 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) | May 5, 2023

Ajax Pro Cross-site Scripting
Moderate | CVE-2023-49289 was published for AjaxNetProfessional (NuGet) | Dec 5, 2023

Bootstrap Vulnerable to Cross-Site Scripting
Moderate | CVE-2019-8331 was published for Bootstrap.Less (RubyGems) | Feb 22, 2019

TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate | CVE-2023-48219 was published for TinyMCE (Composer) | Nov 15, 2023

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Moderate | CVE-2023-45818 was published for TinyMCE (Composer) | Oct 19, 2023

Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability
Moderate | CVE-2023-36558 was published for Microsoft.AspNetCore.Components (NuGet) | Nov 14, 2023

SSCMS vulnerable to Cross Site Scripting
Moderate | CVE-2023-2862 was published for SSCMS (NuGet) | May 24, 2023

jquery-ui Tooltip widget vulnerable to XSS
Moderate | CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) | Oct 24, 2017

HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
Moderate | CVE-2023-44390 was published for HtmlSanitizer (NuGet) | Oct 4, 2023

TinyMCE XSS vulnerability in notificationManager.open API
Moderate | CVE-2023-45819 was published for TinyMCE (Composer) | Oct 19, 2023

Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free
Moderate | CVE-2023-45814 was published for Bunkum (NuGet) | Oct 19, 2023

Cross Site Scripting (XSS) in Serenity
Moderate | CVE-2023-31285 was published for Serenity.Net.Core (NuGet) | Apr 27, 2023

User account enumeration in Serenity
Moderate | CVE-2023-31286 was published for Serenity.Net.Core (NuGet) | Apr 27, 2023

ChakraCore information disclosure vulnerability
Moderate | CVE-2017-0208 was published for Microsoft.ChakraCore (NuGet) | May 17, 2022

ChakraCore information disclosure vulnerability
Moderate | CVE-2017-8659 was published for Microsoft.ChakraCore (NuGet) | May 17, 2022

Umbraco CMS vulnerable to stored XSS
Moderate | CVE-2017-15279 was published for UmbracoCMS.Web (NuGet) | May 17, 2022

Umbraco CMS XXE Vulnerability
Moderate | CVE-2017-15280 was published for UmbracoCms.Web (NuGet) | May 17, 2022

ChakraCore information disclosure vulnerability
Moderate | CVE-2018-8315 was published for Microsoft.ChakraCore (NuGet) | May 14, 2022

DNN XSS Vulnerability
Moderate | CVE-2018-14486 was published for DotNetNuke.Core (NuGet) | May 14, 2022

ChakraCore information disclosure vulnerability
Moderate | CVE-2018-8452 was published for Microsoft.ChakraCore (NuGet) | May 13, 2022

ChakraCore Security Bypass
Moderate | CVE-2018-8276 was published for Microsoft.ChakraCore (NuGet) | May 13, 2022

ChakraCore information disclosure vulnerability
Moderate | CVE-2018-0939 was published for Microsoft.ChakraCore (NuGet) | May 13, 2022

XSS in the `of` option of the `.position()` util in jquery-ui
Moderate | CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) | Oct 26, 2021

Cross-Site Scripting in jquery
Moderate | CVE-2020-7656 was published for jQuery (RubyGems) | May 20, 2020
ProTip! Advisories are also available from the GraphQL API.