GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
5,000
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
404 advisories
Filter by severity
Mimekit has vulnerable dependency that can lead to denial of service
High
GHSA-gmc6-fwg3-75m5
was published
for
MimeKit
(NuGet)
Jul 11, 2024
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
High
CVE-2024-38095
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
High
CVE-2024-38081
was published
for
Microsoft.IO.Redist
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
High
CVE-2024-35264
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
High
CVE-2024-30105
was published
for
System.Text.Json
(NuGet)
Jul 9, 2024
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
High
CVE-2024-33862
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jul 6, 2024
Azure Storage Movement Client Library Denial of Service Vulnerability
High
CVE-2024-35252
was published
for
Microsoft.Azure.Storage.DataMovement
(NuGet)
Jun 11, 2024
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
.NET Elevation of Privilege Vulnerability
High
CVE-2024-21409
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Apr 17, 2024
WiX based installers are vulnerable to binary hijack when run as SYSTEM
High
CVE-2024-29187
was published
for
WixToolset.Sdk
(NuGet)
Mar 25, 2024
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
High
CVE-2024-29188
was published
for
WixToolset.Util.wixext
(NuGet)
Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
High
GHSA-g4v6-69p6-q3p4
was published
for
PanelSwWix4.Sdk
(NuGet)
Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
High
GHSA-wq88-fq4x-h2pm
was published
for
PanelSW.Custom.WiX
(NuGet)
Mar 25, 2024
CoreWCF NetFraming based services can leave connections open when they should be closed
High
CVE-2024-28252
was published
for
CoreWCF.NetFramingBase
(NuGet)
Mar 15, 2024
Remote Denial of Service Vulnerability in Microsoft QUIC
High
GHSA-2x7m-gf85-3745
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Mar 13, 2024
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
High
CVE-2024-21392
was published
for
Microsoft.NETCore.App.Runtime.linux-arm
(NuGet)
Mar 12, 2024
Use After Free in SixLabors.ImageSharp
High
CVE-2024-27929
was published
for
SixLabors.ImageSharp
(NuGet)
Mar 5, 2024
Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
High
GHSA-32q7-gv7f-4cg5
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 13, 2024
•
withdrawn
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-8v28-3g86-chj5
was published
for
PanelSwWix4.Sdk
(NuGet)
Feb 8, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-259p-rvjx-ffwg
was published
for
PanelSW.Custom.WiX
(NuGet)
Feb 8, 2024
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
CVE-2024-24810
was published
for
wix
(NuGet)
Feb 8, 2024
PowerShell is subject to remote code execution vulnerability
High
GHSA-jcmq-5rrv-j2g4
was published
for
PowerShell
(NuGet)
Feb 2, 2024
TrueLayer.Client SSRF when fetching payment or payment provider
High
CVE-2024-23838
was published
for
TrueLayer.Client
(NuGet)
Jan 30, 2024
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
High
CVE-2024-0056
was published
for
Microsoft.Data.SqlClient
(NuGet)
Jan 9, 2024
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
High
CVE-2024-21643
was published
for
Microsoft.IdentityModel.Protocols.SignedHttpRequest
(NuGet)
Jan 9, 2024
ProTip!
Advisories are also available from the
GraphQL API