Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

661 advisories

Loading
Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability High
GHSA-wmm6-pgp8-29hg was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 withdrawn
DotNetZip Directory Traversal vulnerability High
CVE-2024-48510 was published for DotNetZip (NuGet) Nov 13, 2024
.NET Remote Code Execution Vulnerability Low
CVE-2024-43498 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
Duplicate Advisory: .NET and Visual Studio Remote Code Execution Vulnerability Critical
GHSA-8rxm-6783-qh55 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 withdrawn
.NET Denial of Service Vulnerability Low
CVE-2024-43499 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API Low
CVE-2024-48925 was published for Umbraco.CMS (NuGet) Oct 22, 2024
thanhlam-attt
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes Critical
CVE-2024-51501 was published for Refit (NuGet) Nov 4, 2024
sofiaml glennawatson
HTTP Client uses incorrect token after refresh Moderate
CVE-2024-51987 was published for Duende.AccessTokenManagement.OpenIdConnect (NuGet) Nov 7, 2024
natelaff
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop Moderate
CVE-2024-30172 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for jquery (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
Rudloff
Umbraco CMS Cross-site Scripting vulnerability Low
CVE-2024-10761 was published for Umbraco.Cms.Core (NuGet) Nov 4, 2024
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability High
CVE-2024-43383 was published for Lucene.Net.Replicator (NuGet) Oct 31, 2024
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected Moderate
CVE-2024-50353 was published for ICG.AspNetCore.Utilities.CloudStorage (NuGet) Oct 30, 2024
mitchelsellers
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs Low
CVE-2024-49755 was published for Duende.IdentityServer (NuGet) Oct 28, 2024
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label Moderate
CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) Jul 18, 2022
Elkano c960657
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability High
CVE-2024-43485 was published for System.Text.Json (NuGet) Oct 8, 2024
rbhanda markusschaber
Umbraco CMS logout page displayed before session expiration Moderate
CVE-2024-48926 was published for Umbraco.CMS (NuGet) Oct 22, 2024
TRexStark
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-45526 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 18, 2024
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out Moderate
CVE-2024-48929 was published for Umbraco.CMS (NuGet) Oct 22, 2024
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice Moderate
CVE-2024-48927 was published for Umbraco.Cms (NuGet) Oct 22, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section Moderate
CVE-2024-47819 was published for @umbraco-cms/backoffice (npm) Oct 22, 2024
DuongPhamm
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database