Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,673
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,891
Pub
13
RubyGems
1,051
Rust
1,315
Swift
53
Unreviewed advisories
All unreviewed
5,000+

494 advisories

Loading
Path Traversal: 'dir/../../filename' in moment.locale High
CVE-2022-24785 was published for Moment.js (npm) Apr 4, 2022
Server side request forgery in C1 CMS High
CVE-2022-24789 was published for C1CMS.Assemblies (NuGet) Mar 30, 2022
Use after free in Animation High
CVE-2022-0609 was published for CefSharp.Common (NuGet) Feb 22, 2022
Path Traversal in SharpZipLib High
CVE-2021-32840 was published for SharpZipLib (NuGet) Feb 1, 2022
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022 withdrawn
joshbressers Credited to joshbressers
Denial of service in CBOR library High
CVE-2024-21909 was published for PeterO.Cbor (NuGet) Jan 21, 2022
Umbraco Persistent Password Reset Poison High
CVE-2022-22691 was published for Umbraco.Cms.Core (NuGet) Jan 21, 2022
Umbraco ApplicationURL Overwrite High
CVE-2022-22690 was published for Umbraco.Cms.Core (NuGet) Jan 21, 2022
Allocation of Resources Without Limits or Throttling in Apache Avro High
CVE-2021-43045 was published for Apache.Avro (NuGet) Jan 8, 2022
AjaxNetProfessional deserializes arbitrary JavaScript objects High
CVE-2021-43853 was published for AjaxNetProfessional (NuGet) Jan 6, 2022
jsk95 Credited to jsk95 and ashmind ashmind ashmind
Cross-Site Request Forgery in PiranhaCMS High
CVE-2021-25976 was published for Piranha (NuGet) Nov 17, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607 Credited to tdunlap607
Missing Authorization with Default Settings in Dashboard UI High
CVE-2021-41238 was published for Hangfire.Core (NuGet) Nov 3, 2021
ASP.NET Core Denial of Service Vulnerability High
CVE-2021-31957 was published for Microsoft.NETCore.App.Ref (NuGet) Oct 6, 2021 withdrawn
Prototype Pollution in set-value High
CVE-2021-23440 was published for set-value (npm) Sep 13, 2021
mroch Credited to mroch
Path traversal in elFinder.NetCore High
CVE-2021-23428 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Directory Traversal in elFinder.AspNet High
CVE-2021-23415 was published for elFinder.AspNet (NuGet) Aug 9, 2021
Regular Expression Denial of Service in System.Text.RegularExpressions High
CVE-2019-0820 was published for System.Text.RegularExpressions (NuGet) Aug 4, 2021
r-bit-rry Credited to r-bit-rry
Path Traversal in elFinder.Net.Core High
CVE-2021-23407 was published for elFinder.Net.Core (NuGet) Aug 2, 2021
Remote code execution in ChakraCore High
CVE-2020-1180 was published for Microsoft.ChakraCore (NuGet) Aug 2, 2021
Remote code execution in ChakraCore High
CVE-2020-1172 was published for Microsoft.ChakraCore (NuGet) Aug 2, 2021
Remote code execution in ChakraCore High
CVE-2020-1057 was published for Microsoft.ChakraCore (NuGet) Aug 2, 2021
Out-of-bounds write in ChakraCore High
CVE-2020-0768 was published for Microsoft.ChakraCore (NuGet) Aug 2, 2021
Out-of-bounds Write in ChakraCore High
CVE-2020-17048 was published for Microsoft.ChakraCore (NuGet) Aug 2, 2021
Out-of-bounds Write in ChakraCore High
CVE-2020-17054 was published for Microsoft.ChakraCore (NuGet) Aug 2, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database