GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
417 advisories
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
High • CVE-2024-21643 was published for Microsoft.IdentityModel.Protocols.SignedHttpRequest (NuGet) • Jan 9, 2024
PowerShell is subject to remote code execution vulnerability
High • GHSA-jcmq-5rrv-j2g4 was published for PowerShell (NuGet) • Feb 2, 2024
TrueLayer.Client SSRF when fetching payment or payment provider
High • CVE-2024-23838 was published for TrueLayer.Client (NuGet) • Jan 30, 2024
ASP.NET Core Denial of Service Vulnerability
High • CVE-2020-1597 was published for Microsoft.AspNetCore.All (NuGet) • May 24, 2022
Cookie parsing failure
High • CVE-2020-1045 was published for Microsoft.AspNetCore.App (NuGet) • May 24, 2022
libwebp: OOB write in BuildHuffmanTable
High • CVE-2023-4863 was published for Pillow (Go) • Sep 12, 2023
Denial of service in CBOR library
High • CVE-2024-21909 was published for PeterO.Cbor (NuGet) • Jan 21, 2022
Duplicate Advisory: Denial of service in CBOR library
High • GHSA-hf3r-vmrv-7w29 was published for PeterO.Cbor (NuGet) • Jan 3, 2024 • withdrawn
Improper Handling of Exceptional Conditions in Newtonsoft.Json
High • CVE-2024-21907 was published for Newtonsoft.Json (NuGet) • Jun 22, 2022
Path Traversal: 'dir/../../filename' in moment.locale
High • CVE-2022-24785 was published for Moment.js (npm) • Apr 4, 2022
Moment.js vulnerable to Inefficient Regular Expression Complexity
High • CVE-2022-31129 was published for Moment.js (npm) • Jul 6, 2022
.NET Remote Code Execution Vulnerability
High • CVE-2023-24895 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) • Jun 14, 2023
Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability
High • CVE-2023-33126 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) • Jun 14, 2023
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability
High • CVE-2023-36796 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) • Sep 12, 2023
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability
High • CVE-2023-36792 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) • Sep 12, 2023
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability
High • CVE-2023-36794 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) • Sep 12, 2023
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability
High • CVE-2023-36793 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) • Sep 12, 2023
ChakraCore RCE Vulnerability
High • CVE-2016-3386 was published for Microsoft.ChakraCore (NuGet) • May 14, 2022
Duplicate Advisory: .NET Framework Remote Code Execution Vulnerability.
High • GHSA-9qcm-fqj9-93m4 was published for Microsoft.WindowsDesktop.App.Runtime.win-x64 (NuGet) • Dec 13, 2022 • withdrawn
Directory traversal + file write causing arbitrary code execution
High • CVE-2023-30626 was published for Jellyfin.Controller (NuGet) • Apr 24, 2023
Snowflake Connector .Net Command Injection
High • CVE-2023-34230 was published for Snowflake.Data (NuGet) • Jun 9, 2023
.NET Information Disclosure Vulnerability
High • CVE-2023-35391 was published for Microsoft.AspNetCore.SignalR.Redis (NuGet) • Aug 11, 2023
Insufficient token expiration in Serenity
High • CVE-2023-31287 was published for Serenity.Net.Core (NuGet) • Apr 27, 2023
Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
High • CVE-2023-37267 was published for Umbraco.Cms.Infrastructure (NuGet) • Jul 13, 2023