Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

167 advisories

Loading
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader Moderate
GHSA-3w9w-9833-gcpv was published for directxtex_desktop_2019 (NuGet) Jan 26, 2023
Cross-site scripting vulnerability in TinyMCE alerts Moderate
CVE-2022-23494 was published for TinyMCE (Composer) Dec 8, 2022
P4rkJW
DSInternals Credential Roaming Elevation of Privilege Vulnerability Moderate
GHSA-vx2x-9cff-fhjw was published for DSInternals.Common (NuGet) Dec 6, 2022
Remote code execution vulnerability in dependency System.Drawing.Common Moderate
GHSA-gpv5-rp6w-58r8 was published for Akka (NuGet) Nov 22, 2022
petrikero
.NET Information Disclosure Vulnerability Moderate
CVE-2022-41064 was published for Microsoft.Data.SqlClient (NuGet) Nov 8, 2022
shanrath grvillic
.NET Core Information Disclosure Vulnerability Moderate
CVE-2021-34485 was published for Microsoft.NETCore.App (NuGet) Oct 20, 2022
.NET Remote Code Execution Vulnerability Moderate
CVE-2022-24512 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) Oct 18, 2022
OrchardCore vulnerable to HTML injection Moderate
CVE-2022-32173 was published for OrchardCore (NuGet) Oct 4, 2022
DNN vulnerable to Relative Path Traversal Moderate
CVE-2022-2922 was published for DotNetNuke.Core (NuGet) Oct 1, 2022
Exposure of Sensitive Information in OPCFoundation.NetStandard.Opc.Ua.Server Moderate
CVE-2022-33916 was published for OPCFoundation.NetStandard.Opc.Ua.Server (NuGet) Aug 24, 2022
mregen
Duplicate Advisory: .NET Information Disclosure Vulnerability Moderate
GHSA-2m65-m22p-9wjw was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Aug 10, 2022 withdrawn
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label Moderate
CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) Jul 18, 2022
Elkano
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
Potential leak of NuGet.org API key Moderate
CVE-2022-30184 was published for NuGet.CommandLine (NuGet) Jun 14, 2022
JarLob
Cross site scripting in SSCMS Moderate
CVE-2022-30349 was published for SSCMS (NuGet) Jun 3, 2022
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
Cross-site Scripting in ZKEACMS Moderate
CVE-2022-29362 was published for ZKEACMS.Publisher (NuGet) May 26, 2022
Cross site scripting in SiteServer CMS Moderate
CVE-2021-42656 was published for SSCMS (NuGet) May 25, 2022
NuGet Package Manager Tampering Vulnerability Moderate
CVE-2019-0976 was published for NuGet.Commands (NuGet) May 24, 2022
JarLob
Elevation of privilege in ASP.NET Core Moderate
CVE-2019-1302 was published for Microsoft.AspNetCore.SpaServices (NuGet) May 24, 2022
leecow
Cross site scripting attack in ServiceStack Framework Moderate
CVE-2019-1010199 was published for ServiceStack (NuGet) May 24, 2022
jhutchings1
MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener Moderate
CVE-2021-20331 was published for mongodb.driver (NuGet) May 24, 2022
AlmogApiiro
Denial of service in .NET core Moderate
CVE-2021-1721 was published for Microsoft.NETCore.App (NuGet) May 24, 2022
Umbraco CMS vulnerable to stored XSS Moderate
CVE-2020-5809 was published for UmbracoCms.Core (NuGet) May 24, 2022
Integer overflow in the bundled Brotli C library Moderate
CVE-2020-8927 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) May 24, 2022
ProTip! Advisories are also available from the GraphQL API