GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
638 advisories
Filter by severity
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
.NET Elevation of Privilege Vulnerability
High
CVE-2024-21409
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Apr 17, 2024
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Moderate
CVE-2024-35218
was published
for
UmbracoCms.Core
(NuGet)
May 21, 2024
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Low
CVE-2023-49089
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Component takeover in Oracle Data Provider for .NET
High
CVE-2023-21893
was published
for
Oracle.ManagedDataAccess
(NuGet)
Jan 18, 2023
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-43376
was published
for
Umbraco.Cms.Api.Management
(NuGet)
Aug 20, 2024
Umbraco CMS Improper Access Control vulnerability
Moderate
CVE-2024-43377
was published
for
Umbraco.Cms
(NuGet)
Aug 20, 2024
Integer overflow in the bundled Brotli C library
Moderate
CVE-2020-8927
was published
for
Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm
(NuGet)
May 24, 2022
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder
Moderate
CVE-2024-41132
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 22, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
CVE-2024-30171
was published
for
BouncyCastle
(Maven)
May 14, 2024
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json
High
GHSA-8rfx-6mr3-5jh3
was published
for
Newtonsoft.Json
(NuGet)
Jan 3, 2024
•
withdrawn
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Serilog Client IP Spoofing vulnerability
Moderate
CVE-2024-44930
was published
for
Serilog.Enrichers.ClientInfo
(NuGet)
Aug 29, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
CVE-2024-45302
was published
for
RestSharp
(NuGet)
Aug 29, 2024
FullStackHero's WebAPI Boilerplate host header injection vulnerability
Moderate
CVE-2024-26470
was published
for
FullStackHero.WebAPI.Boilerplate
(NuGet)
Feb 29, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
CLSA Directory Traversal vulnerability
Critical
CVE-2024-28698
was published
for
Csla
(NuGet)
Jul 22, 2024
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
High
CVE-2024-38168
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm
(NuGet)
Aug 13, 2024
Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability
Moderate
CVE-2024-38167
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Aug 13, 2024
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
High
CVE-2024-30105
was published
for
System.Text.Json
(NuGet)
Jul 9, 2024
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
High
CVE-2024-41799
was published
for
Tgstation.Server.Api
(NuGet)
Jul 29, 2024
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
High
CVE-2024-38095
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
High
CVE-2024-35264
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Jul 9, 2024
ProTip!
Advisories are also available from the
GraphQL API