GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
5,000
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
404 advisories
Filter by severity
Remote code execution in ChakraCore
High
CVE-2020-1180
was published
for
Microsoft.ChakraCore
(NuGet)
Aug 2, 2021
Path Traversal in elFinder.Net.Core
High
CVE-2021-23407
was published
for
elFinder.Net.Core
(NuGet)
Aug 2, 2021
Regular Expression Denial of Service in System.Text.RegularExpressions
High
CVE-2019-0820
was published
for
System.Text.RegularExpressions
(NuGet)
Aug 4, 2021
Directory Traversal in elFinder.AspNet
High
CVE-2021-23415
was published
for
elFinder.AspNet
(NuGet)
Aug 9, 2021
Path traversal in elFinder.NetCore
High
CVE-2021-23428
was published
for
elFinder.NetCore
(NuGet)
Sep 2, 2021
ASP.NET Core Denial of Service Vulnerability
High
CVE-2021-31957
was published
for
Microsoft.NETCore.App.Ref
(NuGet)
Oct 6, 2021
•
withdrawn
Missing Authorization with Default Settings in Dashboard UI
High
CVE-2021-41238
was published
for
Hangfire.Core
(NuGet)
Nov 3, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Cross-Site Request Forgery in PiranhaCMS
High
CVE-2021-25976
was published
for
Piranha
(NuGet)
Nov 17, 2021
AjaxNetProfessional deserializes arbitrary JavaScript objects
High
CVE-2021-43853
was published
for
AjaxNetProfessional
(NuGet)
Jan 6, 2022
Allocation of Resources Without Limits or Throttling in Apache Avro
High
CVE-2021-43045
was published
for
Apache.Avro
(NuGet)
Jan 8, 2022
Umbraco ApplicationURL Overwrite
High
CVE-2022-22690
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
Umbraco Persistent Password Reset Poison
High
CVE-2022-22691
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
Denial of service in CBOR library
High
CVE-2024-21909
was published
for
PeterO.Cbor
(NuGet)
Jan 21, 2022
NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
Use after free in Animation
High
CVE-2022-0609
was published
for
CefSharp.Common
(NuGet)
Feb 22, 2022
Server side request forgery in C1 CMS
High
CVE-2022-24789
was published
for
C1CMS.Assemblies
(NuGet)
Mar 30, 2022
Path Traversal: 'dir/../../filename' in moment.locale
High
CVE-2022-24785
was published
for
Moment.js
(npm)
Apr 4, 2022
Infinite loop in .Net Bond
High
CVE-2020-1469
was published
for
Bond.Core.CSharp
(NuGet)
Apr 8, 2022
Improper Certificate Validation
High
CVE-2017-11770
was published
for
Microsoft.NETCore.App
(NuGet)
Apr 12, 2022
YARP Denial of Service Vulnerability
High
CVE-2022-26924
was published
for
Yarp.ReverseProxy
(NuGet)
Apr 22, 2022
Code Injection in Masuit.Tools.Core
High
CVE-2022-21167
was published
for
Masuit.Tools.Core
(NuGet)
May 3, 2022
protobuf susceptible to buffer overflow
High
CVE-2015-5237
was published
for
Google.Protobuf
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API