Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,680
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,473
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18 advisories

MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service Low
CVE-2024-27086 was published for Microsoft.Identity.Client (NuGet) Apr 16, 2024
localden bgavrilMS
gladjohn pmaytak jmprieur christothes ntc-swiss-team
Umbraco possible user enumeration Low
CVE-2024-28868 was published for UmbracoCMS (NuGet) Mar 20, 2024
poan21
Stored XSS via SVG File Upload Low
CVE-2023-49279 was published for Umbraco.CMS (NuGet) Dec 13, 2023
S3ntago
Brute force exploit can be used to collect valid usernames Low
CVE-2023-49278 was published for Umbraco.CMS (NuGet) Dec 13, 2023
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email. Low
CVE-2023-49274 was published for Umbraco.CMS (NuGet) Dec 13, 2023
emmagarland
Using the directory back payload (“/../”) in a package name allows placement of package in other folders. Low
CVE-2023-49089 was published for Umbraco.CMS (NuGet) Dec 13, 2023
Backoffice User can bypass "Publish" restriction Low
CVE-2023-48227 was published for Umbraco.CMS (NuGet) Dec 13, 2023
roie-shmuel
Possible injection of HTML into user invite mails Low
CVE-2023-38694 was published for Umbraco.CMS (NuGet) Dec 13, 2023
Stale copy of the public suffix list Low
GHSA-w4x6-hh3x-wjrx was published for Gsemac.Net (NuGet) Dec 11, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent Low
CVE-2021-22143 was published for Elastic.Apm (NuGet) Nov 22, 2023
MarkLee131
Moq v4.20.0-rc to 4.20.1 share hashed user data Low
GHSA-6r78-m64m-qwcf was published for moq (NuGet) Aug 10, 2023
JonDouglas
EnumStringValues vulnerable to Uncontrolled Resource Consumption Low
CVE-2020-36620 was published for EnumStringValues (NuGet) Dec 21, 2022
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
Regular expression denial of service in jquery-validation Low
CVE-2021-43306 was published for jQuery.Validation (npm) Jun 3, 2022
klaudialax
Use of Sha-1 in tusdotnet Low
CVE-2021-44150 was published for tusdotnet (NuGet) Nov 29, 2021 withdrawn
XSS in HtmlSanitizer Low
CVE-2020-26293 was published for HtmlSanitizer (NuGet) Jan 4, 2021
personnummer/csharp vulnerable to Improper Input Validation Low
GHSA-qv8q-v995-72gr was published for personnummer (NuGet) Sep 9, 2020
Low severity vulnerability that affects Gw2Sharp Low
GHSA-4vr3-9v7h-5f8v was published for Gw2Sharp (NuGet) Jun 18, 2019
ProTip! Advisories are also available from the GraphQL API