GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
609 advisories
Filter by severity
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Critical
CVE-2024-21386
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 13, 2024
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
High
CVE-2024-21392
was published
for
Microsoft.NETCore.App.Runtime.linux-arm
(NuGet)
Mar 12, 2024
CoreWCF NetFraming based services can leave connections open when they should be closed
High
CVE-2024-28252
was published
for
CoreWCF.NetFramingBase
(NuGet)
Mar 15, 2024
Remote Denial of Service Vulnerability in Microsoft QUIC
High
GHSA-2x7m-gf85-3745
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Mar 13, 2024
Use After Free in SixLabors.ImageSharp
High
CVE-2024-27929
was published
for
SixLabors.ImageSharp
(NuGet)
Mar 5, 2024
FullStackHero's WebAPI Boilerplate host header injection vulnerability
Moderate
CVE-2024-26470
was published
for
FullStackHero.WebAPI.Boilerplate
(NuGet)
Feb 29, 2024
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Moderate
CVE-2017-0248
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Cross-site Scripting in Serenity
Moderate
CVE-2024-26318
was published
for
@serenity-is/corelib
(npm)
Feb 19, 2024
Heap buffer overflow in CefSharp
Moderate
CVE-2020-15999
was published
for
CefSharp.Common
(NuGet)
Oct 27, 2020
Apache log4net format string vulnerability causes DoS
Moderate
CVE-2006-0743
was published
for
log4net
(NuGet)
May 1, 2022
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
CVE-2024-24810
was published
for
wix
(NuGet)
Feb 8, 2024
CuteSoft CuteEditor Path Traversal vulnerability
Moderate
CVE-2009-4665
was published
for
CuteEditor
(NuGet)
May 2, 2022
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-8v28-3g86-chj5
was published
for
PanelSwWix4.Sdk
(NuGet)
Feb 8, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-259p-rvjx-ffwg
was published
for
PanelSW.Custom.WiX
(NuGet)
Feb 8, 2024
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
High
CVE-2024-21643
was published
for
Microsoft.IdentityModel.Protocols.SignedHttpRequest
(NuGet)
Jan 9, 2024
PowerShell is subject to remote code execution vulnerability
High
GHSA-jcmq-5rrv-j2g4
was published
for
PowerShell
(NuGet)
Feb 2, 2024
TrueLayer.Client SSRF when fetching payment or payment provider
High
CVE-2024-23838
was published
for
TrueLayer.Client
(NuGet)
Jan 30, 2024
MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener
Moderate
CVE-2021-20331
was published
for
mongodb.driver
(NuGet)
May 24, 2022
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2010-1459
was published
for
mono
(NuGet)
May 2, 2022
Privilege Escalation using Spoofing
Moderate
CVE-2023-49273
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Low
CVE-2023-49274
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Backoffice User can bypass "Publish" restriction
Low
CVE-2023-48227
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Low
CVE-2023-49089
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Brute force exploit can be used to collect valid usernames
Low
CVE-2023-49278
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
ProTip!
Advisories are also available from the
GraphQL API