GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,150
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
167 advisories
Filter by severity
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate
CVE-2024-35255
was published
for
@azure/identity
(Go)
Jun 11, 2024
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Moderate
CVE-2024-39677
was published
for
NHibernate
(NuGet)
Jul 8, 2024
Partial path traversal in sharpcompress
Moderate
CVE-2021-39208
was published
for
sharpcompress
(NuGet)
Sep 20, 2021
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
Cross-site scripting in bootstrap-select
Moderate
CVE-2019-20921
was published
for
bootstrap-select
(npm)
May 7, 2021
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder
Moderate
CVE-2024-41132
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 22, 2024
IdentityServer Open Redirect vulnerability
Moderate
GHSA-55p7-v223-x366
was published
for
IdentityServer4
(NuGet)
Jul 31, 2024
IdentityServer Open Redirect vulnerability
Moderate
CVE-2024-39694
was published
for
Duende.IdentityServer
(NuGet)
Jul 31, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
CVE-2024-30171
was published
for
BouncyCastle
(Maven)
May 14, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Moderate
CVE-2024-35240
was published
for
Umbraco.Commerce
(NuGet)
May 28, 2024
Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate
CVE-2023-36566
was published
for
Microsoft.CommonDataModel.ObjectModel
(Maven)
Oct 10, 2023
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability
Moderate
CVE-2023-36799
was published
for
Microsoft.NETCore.App.Runtime.linux-arm
(NuGet)
Sep 12, 2023
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate
CVE-2022-30187
was published
for
Azure.Storage.Blobs
(Maven)
Jul 13, 2022
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Moderate
CVE-2024-35218
was published
for
UmbracoCms.Core
(NuGet)
May 21, 2024
ProTip!
Advisories are also available from the
GraphQL API