Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

154 advisories

Loading
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server Moderate
CVE-2023-31048 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) May 5, 2023
Ajax Pro Cross-site Scripting Moderate
CVE-2023-49289 was published for AjaxNetProfessional (NuGet) Dec 5, 2023
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes Moderate
CVE-2023-48219 was published for TinyMCE (Composer) Nov 15, 2023
masatokinugawa
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin Moderate
CVE-2023-45818 was published for TinyMCE (Composer) Oct 19, 2023
masatokinugawa
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability Moderate
CVE-2023-36558 was published for Microsoft.AspNetCore.Components (NuGet) Nov 14, 2023
SSCMS vulnerable to Cross Site Scripting Moderate
CVE-2023-2862 was published for SSCMS (NuGet) May 24, 2023
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content Moderate
CVE-2023-44390 was published for HtmlSanitizer (NuGet) Oct 4, 2023
Yaniv-git
TinyMCE XSS vulnerability in notificationManager.open API Moderate
CVE-2023-45819 was published for TinyMCE (Composer) Oct 19, 2023
philipsinnott
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free Moderate
CVE-2023-45814 was published for Bunkum (NuGet) Oct 19, 2023
jvyden
Cross Site Scripting (XSS) in Serenity Moderate
CVE-2023-31285 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
ChakraCore information disclosure vulnerability Moderate
CVE-2017-0208 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
ChakraCore information disclosure vulnerability Moderate
CVE-2017-8659 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
Umbraco CMS vulnerable to stored XSS Moderate
CVE-2017-15279 was published for UmbracoCMS.Web (NuGet) May 17, 2022
Umbraco CMS XXE Vulnerability Moderate
CVE-2017-15280 was published for UmbracoCms.Web (NuGet) May 17, 2022
ChakraCore information disclosure vulnerability Moderate
CVE-2018-8315 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
DNN XSS Vulnerability Moderate
CVE-2018-14486 was published for DotNetNuke.Core (NuGet) May 14, 2022
ChakraCore information disclosure vulnerability Moderate
CVE-2018-8452 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore Security Bypass Moderate
CVE-2018-8276 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore information disclosure vulnerability Moderate
CVE-2018-0939 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
XSS in the `of` option of the `.position()` util in jquery-ui Moderate
CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena A-Fitz-Nelnet
Cross-Site Scripting in jquery Moderate
CVE-2020-7656 was published for jQuery (RubyGems) May 20, 2020
klaudialax
CoreFTP Directory Traversal Moderate
CVE-2019-9648 was published for CoreFtp (NuGet) May 14, 2022
ProTip! Advisories are also available from the GraphQL API