Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

228 advisories

Loading
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-45526 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 18, 2024
Umbraco CMS logout page displayed before session expiration Moderate
CVE-2024-48926 was published for Umbraco.CMS (NuGet) Oct 22, 2024
TRexStark
Credited to TRexStark
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected Moderate
CVE-2024-50353 was published for ICG.AspNetCore.Utilities.CloudStorage (NuGet) Oct 30, 2024
mitchelsellers
Credited to mitchelsellers
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
Rudloff
Credited to klaudialax, eoftedal, and Rudloff
HTTP Client uses incorrect token after refresh Moderate
CVE-2024-51987 was published for Duende.AccessTokenManagement.OpenIdConnect (NuGet) Nov 7, 2024
natelaff
Credited to natelaff
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Moderate
CVE-2024-30045 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) May 14, 2024
Cross-site scripting in bootstrap-select Moderate
CVE-2019-20921 was published for bootstrap-select (npm) May 7, 2021
Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications Moderate
CVE-2024-11862 was published for Devolutions.XTS.NET (NuGet) Nov 27, 2024
zer0x64 pdugre
Credited to zer0x64 and pdugre
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop Moderate
CVE-2024-30172 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov amita-seal
Credited to levpachmanov and amita-seal
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Credited to levpachmanov
Oqtane Framework Insecure Direct Object Reference vulnerability Moderate
CVE-2024-55471 was published for Oqtane.Framework (NuGet) Dec 20, 2024
Piranha CMS Cross-site Scripting vulnerability Moderate
CVE-2024-55342 was published for Piranha (NuGet) Dec 20, 2024
Piranha CMS Cross-site Scripting vulnerability Moderate
CVE-2024-55341 was published for Piranha (NuGet) Dec 20, 2024
SixLabors.ImageSharp vulnerable to data leakage Moderate
CVE-2024-32036 was published for SixLabors.ImageSharp (NuGet) Apr 15, 2024
antonfirsov
Credited to antonfirsov
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value Moderate
CVE-2024-32035 was published for SixLabors.ImageSharp (NuGet) Apr 15, 2024
skanejohan
Credited to skanejohan
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components Moderate
CVE-2025-24012 was published for @umbraco-cms/backoffice (npm) Jan 21, 2025
Nexusss-ppatil
Credited to Nexusss-ppatil
Snowflake.Data has weak temporary files permissions Moderate
CVE-2025-24788 was published for Snowflake.Data (NuGet) Jan 29, 2025
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
Credited to masatokinugawa, Churro, and Rudloff
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Heap buffer overflow in CefSharp Moderate
CVE-2020-15999 was published for CefSharp.Common (NuGet) Oct 27, 2020
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
Credited to ohayo
Blind SSRF Leads to Port Scan by using Webhooks Moderate
CVE-2024-29035 was published for Umbraco.Cms.Core (NuGet) Apr 17, 2024
0xRyuzak1
Credited to 0xRyuzak1
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane Moderate
CVE-2024-35218 was published for UmbracoCms.Core (NuGet) May 21, 2024
RaphaelCSSilva
Credited to RaphaelCSSilva
Withdrawn Advisory: Umbraco Rich Text Display allows Cross-Site Scripting Moderate
CVE-2024-55488 was published for Umbraco.Cms.Infrastructure (NuGet) Jan 22, 2025 withdrawn
AndyButland
Credited to AndyButland
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database