GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,715
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
415 advisories
Filter by severity
DotNetZip Directory Traversal vulnerability
High
CVE-2024-48510
was published
for
DotNetZip
(NuGet)
Nov 13, 2024
Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability
High
GHSA-wmm6-pgp8-29hg
was published
for
System.Formats.Nrbf
(NuGet)
Nov 12, 2024
•
withdrawn
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability
High
CVE-2024-43383
was published
for
Lucene.Net.Replicator
(NuGet)
Oct 31, 2024
Security Update for the OPC UA .NET Standard Stack
High
GHSA-qm9f-c3v9-wphv
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 18, 2024
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
High
CVE-2024-43485
was published
for
System.Text.Json
(NuGet)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
High
CVE-2024-43484
was published
for
System.IO.Packaging
(NuGet)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
High
CVE-2024-43483
was published
for
Microsoft.Extensions.Caching.Memory
(NuGet)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
High
CVE-2024-38229
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
High
CVE-2024-38168
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm
(NuGet)
Aug 13, 2024
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
High
CVE-2024-41799
was published
for
Tgstation.Server.Api
(NuGet)
Jul 29, 2024
SixLabors ImageSharp Out-of-bounds Write
High
CVE-2024-41131
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 22, 2024
Mimekit has vulnerable dependency that can lead to denial of service
High
GHSA-gmc6-fwg3-75m5
was published
for
MimeKit
(NuGet)
Jul 11, 2024
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
High
CVE-2024-38095
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
High
CVE-2024-38081
was published
for
Microsoft.IO.Redist
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
High
CVE-2024-30105
was published
for
System.Text.Json
(NuGet)
Jul 9, 2024
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
High
CVE-2024-39677
was published
for
NHibernate
(NuGet)
Jul 8, 2024
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
High
CVE-2024-33862
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jul 6, 2024
Azure Storage Movement Client Library Denial of Service Vulnerability
High
CVE-2024-35252
was published
for
Microsoft.Azure.Storage.DataMovement
(NuGet)
Jun 11, 2024
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
.NET Elevation of Privilege Vulnerability
High
CVE-2024-21409
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Apr 17, 2024
WiX based installers are vulnerable to binary hijack when run as SYSTEM
High
CVE-2024-29187
was published
for
WixToolset.Sdk
(NuGet)
Mar 25, 2024
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
High
CVE-2024-29188
was published
for
WixToolset.Util.wixext
(NuGet)
Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
High
GHSA-g4v6-69p6-q3p4
was published
for
PanelSwWix4.Sdk
(NuGet)
Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
High
GHSA-wq88-fq4x-h2pm
was published
for
PanelSW.Custom.WiX
(NuGet)
Mar 25, 2024
CoreWCF NetFraming based services can leave connections open when they should be closed
High
CVE-2024-28252
was published
for
CoreWCF.NetFramingBase
(NuGet)
Mar 15, 2024
ProTip!
Advisories are also available from the
GraphQL API