Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,780
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+

619 advisories

Loading
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
CVE-2024-24810 was published for wix (NuGet) Feb 8, 2024
ppv-milestone robmen
CuteSoft CuteEditor Path Traversal vulnerability Moderate
CVE-2009-4665 was published for CuteEditor (NuGet) May 2, 2022
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
GHSA-8v28-3g86-chj5 was published for PanelSwWix4.Sdk (NuGet) Feb 8, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
GHSA-259p-rvjx-ffwg was published for PanelSW.Custom.WiX (NuGet) Feb 8, 2024
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability High
CVE-2024-21643 was published for Microsoft.IdentityModel.Protocols.SignedHttpRequest (NuGet) Jan 9, 2024
rymeskar brentschmaltz
GeoK keegan-caruso jmprieur jennyf19 TimHannMSFT
PowerShell is subject to remote code execution vulnerability High
GHSA-jcmq-5rrv-j2g4 was published for PowerShell (NuGet) Feb 2, 2024
TrueLayer.Client SSRF when fetching payment or payment provider High
CVE-2024-23838 was published for TrueLayer.Client (NuGet) Jan 30, 2024
foldedbits
MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener Moderate
CVE-2021-20331 was published for mongodb.driver (NuGet) May 24, 2022
AlmogApiiro
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2010-1459 was published for mono (NuGet) May 2, 2022
Privilege Escalation using Spoofing Moderate
CVE-2023-49273 was published for Umbraco.CMS (NuGet) Dec 13, 2023
jerpenol
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email. Low
CVE-2023-49274 was published for Umbraco.CMS (NuGet) Dec 13, 2023
emmagarland
Backoffice User can bypass "Publish" restriction Low
CVE-2023-48227 was published for Umbraco.CMS (NuGet) Dec 13, 2023
roie-shmuel
Using the directory back payload (“/../”) in a package name allows placement of package in other folders. Low
CVE-2023-49089 was published for Umbraco.CMS (NuGet) Dec 13, 2023
Brute force exploit can be used to collect valid usernames Low
CVE-2023-49278 was published for Umbraco.CMS (NuGet) Dec 13, 2023
Possible injection of HTML into user invite mails Low
CVE-2023-38694 was published for Umbraco.CMS (NuGet) Dec 13, 2023
ASP.NET Core Denial of Service Vulnerability High
CVE-2020-1597 was published for Microsoft.AspNetCore.All (NuGet) May 24, 2022
Cookie parsing failure High
CVE-2020-1045 was published for Microsoft.AspNetCore.App (NuGet) May 24, 2022
GeorgeHady skofman1
Tratcher
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
.NET Core Remote Code Execution Vulnerability Critical
CVE-2021-26701 was published for System.Text.Encodings.Web (NuGet) Apr 21, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
Cross-site scripting vulnerability in TinyMCE plugins Moderate
CVE-2024-21910 was published for TinyMCE (Composer) Nov 2, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21911 was published for TinyMCE (Composer) Jan 6, 2021
emilwareus
Denial of service in CBOR library High
CVE-2024-21909 was published for PeterO.Cbor (NuGet) Jan 21, 2022
Duplicate Advisory: Denial of service in CBOR library High
GHSA-hf3r-vmrv-7w29 was published for PeterO.Cbor (NuGet) Jan 3, 2024 withdrawn
Improper Handling of Exceptional Conditions in Newtonsoft.Json High
CVE-2024-21907 was published for Newtonsoft.Json (NuGet) Jun 22, 2022
ezsilmar JamesNK
ProTip! Advisories are also available from the GraphQL API