GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
154 advisories
Filter by severity
ChakraCore information disclosure vulnerability
Moderate
CVE-2019-0648
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
Cross-site Scripting in jquery-ui
Moderate
CVE-2010-5312
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
XSS in the `altField` option of the Datepicker widget in jquery-ui
Moderate
CVE-2021-41182
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 26, 2021
jQuery vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2011-4969
was published
for
jQuery
(RubyGems)
May 14, 2022
XSS in `*Text` options of the Datepicker widget in jquery-ui
Moderate
CVE-2021-41183
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 26, 2021
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Moderate
CVE-2016-7103
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Cross-Site Scripting (XSS) in jquery
Moderate
CVE-2015-9251
was published
for
jQuery
(RubyGems)
Jan 22, 2018
Duplicate Advisory: Prototype Pollution in jquery
Moderate
CVE-2019-5428
was published
for
jquery
(RubyGems)
Apr 23, 2019
•
withdrawn
DotNetNuke Default Machine Key Exposure
Moderate
CVE-2008-6540
was published
for
DotNetNuke.Core
(NuGet)
May 14, 2022
DotNetNuke Vulnerable to XSS in Pass-Through Values
Moderate
CVE-2007-0660
was published
for
DotNetNuke.Core
(NuGet)
May 1, 2022
DotNetNuke (DNN) Open redirect vulnerability
Moderate
CVE-2013-7335
was published
for
DotNetNuke.Core
(NuGet)
May 17, 2022
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
Moderate
CVE-2013-4649
was published
for
DotNetNuke.Core
(NuGet)
May 17, 2022
Umbraco CMS vulnerable to stored XSS
Moderate
CVE-2020-5809
was published
for
UmbracoCms.Core
(NuGet)
May 24, 2022
DNN File Upload Vulnerability
Moderate
CVE-2020-5188
was published
for
DotNetNuke.Core
(NuGet)
May 24, 2022
Azure SDK for .NET Information Disclosure Vulnerability.
Moderate
CVE-2022-26907
was published
for
Microsoft.Rest.ClientRuntime
(NuGet)
Apr 16, 2022
Umbraco CMS vulnerable to stored XSS
Moderate
CVE-2018-17256
was published
for
umbraco
(NuGet)
May 14, 2022
GleamTech FileUltimate Cross-site Scripting
Moderate
CVE-2020-15015
was published
for
GleamTech.FileUltimate
(NuGet)
May 24, 2022
Umbraco CMS vulnerable to CSRF
Moderate
CVE-2020-7210
was published
for
UmbracoCMS.Core
(NuGet)
May 24, 2022
Cross-Site Scripting in jquery
Moderate
CVE-2012-6708
was published
for
jQuery
(RubyGems)
Sep 1, 2020
Server side request forgery in SwaggerUI
Moderate
GHSA-qrmm-w75w-3wpx
was published
for
Swashbuckle.AspNetCore.SwaggerUI
(npm)
Dec 9, 2021
Timing based private key exposure in Bouncy Castle
Moderate
CVE-2020-15522
was published
for
BouncyCastle
(Maven)
Aug 13, 2021
Directory Traversal in SharpCompress
Moderate
CVE-2018-1002206
was published
for
sharpcompress
(NuGet)
Sep 11, 2019
ProTip!
Advisories are also available from the
GraphQL API