GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
619 advisories
Filter by severity
.NET Remote Code Execution vulnerability
High
CVE-2023-28260
was published
for
Microsoft.NetCore.App.Runtime.win-arm
(NuGet)
Apr 11, 2023
Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer
High
CVE-2023-28638
was published
for
Snappier
(NuGet)
Mar 27, 2023
LiteDB may deserialize bad JSON on object type using _type
Critical
CVE-2022-23535
was published
for
LiteDB
(NuGet)
Feb 24, 2023
MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data
High
CVE-2022-48282
was published
for
MongoDB.Driver
(NuGet)
Feb 21, 2023
.NET Remote Code Execution Vulnerability
High
CVE-2023-21808
was published
for
Microsoft.NetCore.App.Runtime.win-arm
(NuGet)
Feb 14, 2023
Withdrawn Advisory: HTML injections in BTCPayServer
High
CVE-2023-0493
was published
for
BTCPayServer.Client
(NuGet)
Jan 27, 2023
•
withdrawn
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
Moderate
GHSA-3w9w-9833-gcpv
was published
for
directxtex_desktop_2019
(NuGet)
Jan 26, 2023
Component takeover in Oracle Data Provider for .NET
High
CVE-2023-21893
was published
for
Oracle.ManagedDataAccess
(NuGet)
Jan 18, 2023
.NET Denial of Service Vulnerability
High
CVE-2023-21538
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jan 10, 2023
EnumStringValues vulnerable to Uncontrolled Resource Consumption
Low
CVE-2020-36620
was published
for
EnumStringValues
(NuGet)
Dec 21, 2022
DNS NuGet package uses insufficiently random values
Critical
CVE-2021-4248
was published
for
DNS
(NuGet)
Dec 18, 2022
.NET Remote Code Execution Vulnerability
High
CVE-2022-41089
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Dec 14, 2022
Duplicate Advisory: .NET Framework Remote Code Execution Vulnerability.
High
GHSA-9qcm-fqj9-93m4
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-x64
(NuGet)
Dec 13, 2022
•
withdrawn
Cross-site scripting vulnerability in TinyMCE alerts
Moderate
CVE-2022-23494
was published
for
TinyMCE
(Composer)
Dec 8, 2022
DSInternals Credential Roaming Elevation of Privilege Vulnerability
Moderate
GHSA-vx2x-9cff-fhjw
was published
for
DSInternals.Common
(NuGet)
Dec 6, 2022
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
Remote code execution vulnerability in dependency System.Drawing.Common
Moderate
GHSA-gpv5-rp6w-58r8
was published
for
Akka
(NuGet)
Nov 22, 2022
.NET Information Disclosure Vulnerability
Moderate
CVE-2022-41064
was published
for
Microsoft.Data.SqlClient
(NuGet)
Nov 8, 2022
.NET Core Elevation of Privilege Vulnerability
High
CVE-2021-26423
was published
for
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64
(NuGet)
Oct 25, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-23267
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Oct 21, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-24464
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Oct 21, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-21986
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Oct 21, 2022
.NET Core Information Disclosure Vulnerability
Moderate
CVE-2021-34485
was published
for
Microsoft.NETCore.App
(NuGet)
Oct 20, 2022
.NET Remote Code Execution Vulnerability
Moderate
CVE-2022-24512
was published
for
Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm
(NuGet)
Oct 18, 2022
NuGet Elevation of Privilege Vulnerability
High
CVE-2022-41032
was published
for
NuGet.CommandLine
(NuGet)
Oct 11, 2022
ProTip!
Advisories are also available from the
GraphQL API