GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
657 advisories
Filter by severity
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Critical
CVE-2024-51501
was published
for
Refit
(NuGet)
Nov 4, 2024
HTTP Client uses incorrect token after refresh
Moderate
CVE-2024-51987
was published
for
Duende.AccessTokenManagement.OpenIdConnect
(NuGet)
Nov 7, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Umbraco CMS Cross-site Scripting vulnerability
Low
CVE-2024-10761
was published
for
Umbraco.Cms.Core
(NuGet)
Nov 4, 2024
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability
High
CVE-2024-43383
was published
for
Lucene.Net.Replicator
(NuGet)
Oct 31, 2024
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected
Moderate
CVE-2024-50353
was published
for
ICG.AspNetCore.Utilities.CloudStorage
(NuGet)
Oct 30, 2024
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Low
CVE-2024-49755
was published
for
Duende.IdentityServer
(NuGet)
Oct 28, 2024
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
High
CVE-2024-43485
was published
for
System.Text.Json
(NuGet)
Oct 8, 2024
Umbraco CMS logout page displayed before session expiration
Moderate
CVE-2024-48926
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-45526
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 18, 2024
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Moderate
CVE-2024-48929
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Moderate
CVE-2024-48927
was published
for
Umbraco.Cms
(NuGet)
Oct 22, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Low
CVE-2024-48925
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate
CVE-2024-47819
was published
for
@umbraco-cms/backoffice
(npm)
Oct 22, 2024
NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
protobuf susceptible to buffer overflow
High
CVE-2015-5237
was published
for
Google.Protobuf
(Composer)
May 13, 2022
Security Update for the OPC UA .NET Standard Stack
High
GHSA-qm9f-c3v9-wphv
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 18, 2024
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Moderate
CVE-2024-48924
was published
for
MessagePack
(NuGet)
Oct 17, 2024
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack
Moderate
CVE-2020-5234
was published
for
MessagePack
(NuGet)
Jan 31, 2020
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
High
CVE-2024-43483
was published
for
Microsoft.Extensions.Caching.Memory
(NuGet)
Oct 8, 2024
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
High
CVE-2023-41890
was published
for
Kentor.AuthServices
(NuGet)
Sep 20, 2023
ProTip!
Advisories are also available from the
GraphQL API