GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,971
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,091
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
609 advisories
Path Traversal: 'dir/../../filename' in moment.locale
Severity: High. CVE-2022-24785 was published for Moment.js (npm) on Apr 4, 2022.
Moment.js vulnerable to Inefficient Regular Expression Complexity
Severity: High. CVE-2022-31129 was published for Moment.js (npm) on Jul 6, 2022.
Bootstrap Vulnerable to Cross-Site Scripting
Severity: Moderate. CVE-2019-8331 was published for Bootstrap.Less (RubyGems) on Feb 22, 2019.
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Severity: Moderate. CVE-2023-48219 was published for TinyMCE (Composer) on Nov 15, 2023.
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Severity: Moderate. CVE-2023-45818 was published for TinyMCE (Composer) on Oct 19, 2023.
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability
Severity: Moderate. CVE-2023-36558 was published for Microsoft.AspNetCore.Components (NuGet) on Nov 14, 2023.
Remote Code Execution in AjaxNetProfessional
Severity: Critical. CVE-2021-23758 was published for AjaxNetProfessional (NuGet) on Dec 16, 2021.
.NET Remote Code Execution Vulnerability
Severity: High. CVE-2023-24895 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) on Jun 14, 2023.
Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability
Severity: High. CVE-2023-33126 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) on Jun 14, 2023.
.NET Elevation of Privilege Vulnerability
Severity: High. CVE-2023-24936 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) on Jun 14, 2023.
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability
Severity: High. CVE-2023-36796 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) on Sep 12, 2023.
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability
Severity: High. CVE-2023-36792 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) on Sep 12, 2023.
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability
Severity: High. CVE-2023-36794 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) on Sep 12, 2023.
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability
Severity: High. CVE-2023-36793 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) on Sep 12, 2023.
ChakraCore RCE Vulnerability
Severity: High. CVE-2016-3386 was published for Microsoft.ChakraCore (NuGet) on May 14, 2022.
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
Severity: High. CVE-2023-41890 was published for Sustainsys.Saml2 (NuGet) on Sep 20, 2023.
SSCMS vulnerable to Cross Site Scripting
Severity: Moderate. CVE-2023-2862 was published for SSCMS (NuGet) on May 24, 2023.
Duplicate Advisory: .NET Framework Remote Code Execution Vulnerability.
Severity: High. GHSA-9qcm-fqj9-93m4 was published for Microsoft.WindowsDesktop.App.Runtime.win-x64 (NuGet) on Dec 13, 2022 (withdrawn).
jquery-ui Tooltip widget vulnerable to XSS
Severity: Moderate. CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) on Oct 24, 2017.
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
Severity: Moderate. CVE-2023-44390 was published for HtmlSanitizer (NuGet) on Oct 4, 2023.
Directory traversal + file write causing arbitrary code execution
Severity: High. CVE-2023-30626 was published for Jellyfin.Controller (NuGet) on Apr 24, 2023.
Dynamic Linq vulnerable to remote code execution
Severity: Critical. CVE-2023-32571 was published for System.Linq.Dynamic.Core (NuGet) on Jun 22, 2023.
TinyMCE XSS vulnerability in notificationManager.open API
Severity: Moderate. CVE-2023-45819 was published for TinyMCE (Composer) on Oct 19, 2023.
Snowflake Connector .Net Command Injection
Severity: High. CVE-2023-34230 was published for Snowflake.Data (NuGet) on Jun 9, 2023.
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free
Severity: Moderate. CVE-2023-45814 was published for Bunkum (NuGet) on Oct 19, 2023.
ProTip! Advisories are also available from the GraphQL API.