GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
407 advisories
Filter by severity
CoreWCF NetFraming based services can leave connections open when they should be closed
High
CVE-2024-28252
was published
for
CoreWCF.NetFramingBase
(NuGet)
Mar 15, 2024
Remote Denial of Service Vulnerability in Microsoft QUIC
High
GHSA-2x7m-gf85-3745
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Mar 13, 2024
Use After Free in SixLabors.ImageSharp
High
CVE-2024-27929
was published
for
SixLabors.ImageSharp
(NuGet)
Mar 5, 2024
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
CVE-2024-24810
was published
for
wix
(NuGet)
Feb 8, 2024
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-8v28-3g86-chj5
was published
for
PanelSwWix4.Sdk
(NuGet)
Feb 8, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-259p-rvjx-ffwg
was published
for
PanelSW.Custom.WiX
(NuGet)
Feb 8, 2024
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
High
CVE-2024-21643
was published
for
Microsoft.IdentityModel.Protocols.SignedHttpRequest
(NuGet)
Jan 9, 2024
PowerShell is subject to remote code execution vulnerability
High
GHSA-jcmq-5rrv-j2g4
was published
for
PowerShell
(NuGet)
Feb 2, 2024
TrueLayer.Client SSRF when fetching payment or payment provider
High
CVE-2024-23838
was published
for
TrueLayer.Client
(NuGet)
Jan 30, 2024
ASP.NET Core Denial of Service Vulnerability
High
CVE-2020-1597
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 24, 2022
Cookie parsing failure
High
CVE-2020-1045
was published
for
Microsoft.AspNetCore.App
(NuGet)
May 24, 2022
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
Denial of service in CBOR library
High
CVE-2024-21909
was published
for
PeterO.Cbor
(NuGet)
Jan 21, 2022
Duplicate Advisory: Denial of service in CBOR library
High
GHSA-hf3r-vmrv-7w29
was published
for
PeterO.Cbor
(NuGet)
Jan 3, 2024
•
withdrawn
Improper Handling of Exceptional Conditions in Newtonsoft.Json
High
CVE-2024-21907
was published
for
Newtonsoft.Json
(NuGet)
Jun 22, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-29145
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Aug 30, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-29117
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Aug 30, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-23267
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Oct 21, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-38013
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Sep 15, 2022
Path Traversal: 'dir/../../filename' in moment.locale
High
CVE-2022-24785
was published
for
Moment.js
(npm)
Apr 4, 2022
Moment.js vulnerable to Inefficient Regular Expression Complexity
High
CVE-2022-31129
was published
for
Moment.js
(npm)
Jul 6, 2022
.NET Remote Code Execution Vulnerability
High
CVE-2023-24895
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Jun 14, 2023
Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability
High
CVE-2023-33126
was published
for
Microsoft.NetCore.App.Runtime.win-arm
(NuGet)
Jun 14, 2023
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability
High
CVE-2023-36796
was published
for
Microsoft.NETCore.App.Runtime.win-arm64
(NuGet)
Sep 12, 2023
ProTip!
Advisories are also available from the
GraphQL API