GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
661 advisories
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Severity: Moderate. CVE-2024-35240 was published for Umbraco.Commerce (NuGet) on May 28, 2024.

Umbraco Forms components vulnerable to Stored Cross-site Scripting
Severity: Low. CVE-2024-35239 was published for Umbraco.Forms (NuGet) on May 28, 2024.

Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Severity: Moderate. CVE-2024-35218 was published for UmbracoCms.Core (NuGet) on May 21, 2024.

Umbraco CMS Open Redirect Bypass Protection
Severity: Moderate. CVE-2024-34071 was published for Umbraco.Cms.Web.BackOffice (NuGet) on May 21, 2024.

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
Severity: Moderate. CVE-2024-30046 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) on May 14, 2024.

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability
Severity: Moderate. CVE-2024-30045 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) on May 14, 2024.

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
Severity: Moderate. CVE-2024-30054 was published for Microsoft.PowerBI.JavaScript (NuGet) on May 14, 2024.

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Severity: Moderate. CVE-2024-30172 was published for BouncyCastle (Maven) on May 14, 2024.

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Severity: Moderate. CVE-2024-29857 was published for BouncyCastle (Maven) on May 14, 2024.

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Severity: Moderate. CVE-2024-30171 was published for BouncyCastle (Maven) on May 14, 2024.

Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
Severity: High. CVE-2024-32655 was published for Npgsql (NuGet) on May 9, 2024.

Umbraco Workflow's Backoffice users can execute arbitrary SQL
Severity: Moderate. CVE-2024-32872 was published for Plumber.Workflow (NuGet) on Apr 24, 2024.

.NET Elevation of Privilege Vulnerability
Severity: High. CVE-2024-21409 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) on Apr 17, 2024.

Blind SSRF Leads to Port Scan by using Webhooks
Severity: Moderate. CVE-2024-29035 was published for Umbraco.Cms.Core (NuGet) on Apr 17, 2024.

MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Severity: Low. CVE-2024-27086 was published for Microsoft.Identity.Client (NuGet) on Apr 16, 2024.

SixLabors.ImageSharp vulnerable to data leakage
Severity: Moderate. CVE-2024-32036 was published for SixLabors.ImageSharp (NuGet) on Apr 15, 2024.

SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Severity: Moderate. CVE-2024-32035 was published for SixLabors.ImageSharp (NuGet) on Apr 15, 2024.

Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Severity: Moderate. CVE-2024-32028 was published for OpenTelemetry.Instrumentation.AspNetCore (NuGet) on Apr 12, 2024.

Azure Identity Library for .NET Information Disclosure Vulnerability
Severity: Moderate. CVE-2024-29992 was published for Azure.Identity (NuGet) on Apr 9, 2024.

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Severity: Moderate. CVE-2024-29203 was published for TinyMCE (Composer) on Mar 26, 2024.

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Severity: Moderate. CVE-2024-29881 was published for TinyMCE (Composer) on Mar 26, 2024.

WiX based installers are vulnerable to binary hijack when run as SYSTEM
Severity: High. CVE-2024-29187 was published for WixToolset.Sdk (NuGet) on Mar 25, 2024.

Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
Severity: High. CVE-2024-29188 was published for WixToolset.Util.wixext (NuGet) on Mar 25, 2024.

WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Severity: High. GHSA-g4v6-69p6-q3p4 was published for PanelSwWix4.Sdk (NuGet) on Mar 25, 2024.

WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Severity: High. GHSA-wq88-fq4x-h2pm was published for PanelSW.Custom.WiX (NuGet) on Mar 25, 2024.
ProTip! Advisories are also available from the GraphQL API.