Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

199 advisories

Loading
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content Moderate
CVE-2023-44390 was published for HtmlSanitizer (NuGet) Oct 4, 2023
Yaniv-git
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Moderate
CVE-2023-36799 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Sep 12, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
SSCMS vulnerable to Cross Site Scripting Moderate
CVE-2023-2862 was published for SSCMS (NuGet) May 24, 2023
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server Moderate
CVE-2023-31048 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) May 5, 2023
Cross Site Scripting (XSS) in Serenity Moderate
CVE-2023-31285 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader Moderate
GHSA-3w9w-9833-gcpv was published for directxtex_desktop_2019 (NuGet) Jan 26, 2023
Cross-site scripting vulnerability in TinyMCE alerts Moderate
CVE-2022-23494 was published for TinyMCE (Composer) Dec 8, 2022
P4rkJW
DSInternals Credential Roaming Elevation of Privilege Vulnerability Moderate
GHSA-vx2x-9cff-fhjw was published for DSInternals.Common (NuGet) Dec 6, 2022
Remote code execution vulnerability in dependency System.Drawing.Common Moderate
GHSA-gpv5-rp6w-58r8 was published for Akka (NuGet) Nov 22, 2022
petrikero
.NET Information Disclosure Vulnerability Moderate
CVE-2022-41064 was published for Microsoft.Data.SqlClient (NuGet) Nov 8, 2022
shanrath grvillic
.NET Core Information Disclosure Vulnerability Moderate
CVE-2021-34485 was published for Microsoft.NETCore.App (NuGet) Oct 20, 2022
.NET Remote Code Execution Vulnerability Moderate
CVE-2022-24512 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) Oct 18, 2022
OrchardCore vulnerable to HTML injection Moderate
CVE-2022-32173 was published for OrchardCore (NuGet) Oct 4, 2022
DNN vulnerable to Relative Path Traversal Moderate
CVE-2022-2922 was published for DotNetNuke.Core (NuGet) Oct 1, 2022
Exposure of Sensitive Information in OPCFoundation.NetStandard.Opc.Ua.Server Moderate
CVE-2022-33916 was published for OPCFoundation.NetStandard.Opc.Ua.Server (NuGet) Aug 24, 2022
mregen
Duplicate Advisory: .NET Information Disclosure Vulnerability Moderate
GHSA-2m65-m22p-9wjw was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Aug 10, 2022 withdrawn
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label Moderate
CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) Jul 18, 2022
Elkano c960657
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
Potential leak of NuGet.org API key Moderate
CVE-2022-30184 was published for NuGet.CommandLine (NuGet) Jun 14, 2022
JarLob
Cross site scripting in SSCMS Moderate
CVE-2022-30349 was published for SSCMS (NuGet) Jun 3, 2022
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
Cross-site Scripting in ZKEACMS Moderate
CVE-2022-29362 was published for ZKEACMS.Publisher (NuGet) May 26, 2022
Cross site scripting in SiteServer CMS Moderate
CVE-2021-42656 was published for SSCMS (NuGet) May 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database