GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
184 advisories
Filter by severity
Privilege Escalation using Spoofing
Moderate
CVE-2023-49273
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
DOM-XSS on Backoffice login screen.
Moderate
CVE-2023-48313
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
Ajax Pro Cross-site Scripting
Moderate
CVE-2023-49289
was published
for
AjaxNetProfessional
(NuGet)
Dec 5, 2023
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate
CVE-2023-48219
was published
for
TinyMCE
(Composer)
Nov 15, 2023
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability
Moderate
CVE-2023-36558
was published
for
Microsoft.AspNetCore.Components
(NuGet)
Nov 14, 2023
TinyMCE XSS vulnerability in notificationManager.open API
Moderate
CVE-2023-45819
was published
for
TinyMCE
(Composer)
Oct 19, 2023
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Moderate
CVE-2023-45818
was published
for
TinyMCE
(Composer)
Oct 19, 2023
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free
Moderate
CVE-2023-45814
was published
for
Bunkum
(NuGet)
Oct 19, 2023
Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate
CVE-2023-36566
was published
for
Microsoft.CommonDataModel.ObjectModel
(Maven)
Oct 10, 2023
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
Moderate
CVE-2023-44390
was published
for
HtmlSanitizer
(NuGet)
Oct 4, 2023
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability
Moderate
CVE-2023-36799
was published
for
Microsoft.NETCore.App.Runtime.linux-arm
(NuGet)
Sep 12, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
SSCMS vulnerable to Cross Site Scripting
Moderate
CVE-2023-2862
was published
for
SSCMS
(NuGet)
May 24, 2023
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server
Moderate
CVE-2023-31048
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
May 5, 2023
User account enumeration in Serenity
Moderate
CVE-2023-31286
was published
for
Serenity.Net.Core
(NuGet)
Apr 27, 2023
Cross Site Scripting (XSS) in Serenity
Moderate
CVE-2023-31285
was published
for
Serenity.Net.Core
(NuGet)
Apr 27, 2023
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
Moderate
GHSA-3w9w-9833-gcpv
was published
for
directxtex_desktop_2019
(NuGet)
Jan 26, 2023
Cross-site scripting vulnerability in TinyMCE alerts
Moderate
CVE-2022-23494
was published
for
TinyMCE
(Composer)
Dec 8, 2022
DSInternals Credential Roaming Elevation of Privilege Vulnerability
Moderate
GHSA-vx2x-9cff-fhjw
was published
for
DSInternals.Common
(NuGet)
Dec 6, 2022
Remote code execution vulnerability in dependency System.Drawing.Common
Moderate
GHSA-gpv5-rp6w-58r8
was published
for
Akka
(NuGet)
Nov 22, 2022
.NET Information Disclosure Vulnerability
Moderate
CVE-2022-41064
was published
for
Microsoft.Data.SqlClient
(NuGet)
Nov 8, 2022
.NET Core Information Disclosure Vulnerability
Moderate
CVE-2021-34485
was published
for
Microsoft.NETCore.App
(NuGet)
Oct 20, 2022
.NET Remote Code Execution Vulnerability
Moderate
CVE-2022-24512
was published
for
Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm
(NuGet)
Oct 18, 2022
OrchardCore vulnerable to HTML injection
Moderate
CVE-2022-32173
was published
for
OrchardCore
(NuGet)
Oct 4, 2022
ProTip!
Advisories are also available from the
GraphQL API