GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
662 advisories
Filter by severity
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
Moderate
CVE-2023-51662
was published
for
Snowflake.Data
(NuGet)
Dec 22, 2023
Stored XSS via SVG File Upload
Low
CVE-2023-49279
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Brute force exploit can be used to collect valid usernames
Low
CVE-2023-49278
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Low
CVE-2023-49274
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Privilege Escalation using Spoofing
Moderate
CVE-2023-49273
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Low
CVE-2023-49089
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
DOM-XSS on Backoffice login screen.
Moderate
CVE-2023-48313
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Backoffice User can bypass "Publish" restriction
Low
CVE-2023-48227
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Possible injection of HTML into user invite mails
Low
CVE-2023-38694
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Stale copy of the public suffix list
Low
GHSA-w4x6-hh3x-wjrx
was published
for
Gsemac.Net
(NuGet)
Dec 11, 2023
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
Ajax Pro Cross-site Scripting
Moderate
CVE-2023-49289
was published
for
AjaxNetProfessional
(NuGet)
Dec 5, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent
Low
CVE-2021-22143
was published
for
Elastic.Apm
(NuGet)
Nov 22, 2023
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate
CVE-2023-48219
was published
for
TinyMCE
(Composer)
Nov 15, 2023
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability
High
CVE-2023-36049
was published
for
System.Net.Requests
(NuGet)
Nov 14, 2023
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability
Moderate
CVE-2023-36558
was published
for
Microsoft.AspNetCore.Components
(NuGet)
Nov 14, 2023
TinyMCE XSS vulnerability in notificationManager.open API
Moderate
CVE-2023-45819
was published
for
TinyMCE
(Composer)
Oct 19, 2023
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Moderate
CVE-2023-45818
was published
for
TinyMCE
(Composer)
Oct 19, 2023
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free
Moderate
CVE-2023-45814
was published
for
Bunkum
(NuGet)
Oct 19, 2023
MsQuic Remote Denial of Service Vulnerability
High
CVE-2023-36435
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Oct 10, 2023
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
High
CVE-2023-38171
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Oct 10, 2023
Azure Identity SDK Remote Code Execution Vulnerability
High
CVE-2023-36414
was published
for
Azure.Identity
(NuGet)
Oct 10, 2023
Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate
CVE-2023-36566
was published
for
Microsoft.CommonDataModel.ObjectModel
(Maven)
Oct 10, 2023
Vulnerable version of libwebp and can be exploited with a malicious source image
High
GHSA-wqcr-xm43-hpqr
was published
for
ImageResizer.Plugins.FreeImage
(NuGet)
Oct 6, 2023
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
High
GHSA-4c29-gfrp-g6x9
was published
for
CefSharp.Common
(NuGet)
Oct 5, 2023
ProTip!
Advisories are also available from the
GraphQL API