Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,086
Maven
5,000+
npm
3,749
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

185 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp Moderate
CVE-2022-24849 was published for DisCatSharp (NuGet) Apr 22, 2022
Azure SDK for .NET Information Disclosure Vulnerability. Moderate
CVE-2022-26907 was published for Microsoft.Rest.ClientRuntime (NuGet) Apr 16, 2022
Code injection in RazorEngine Moderate
CVE-2021-46703 was published for RazorEngine (NuGet) Mar 7, 2022
skofman1
Prototype Pollution in jquery.cookie Moderate
CVE-2022-23395 was published for jquery.cookie (NuGet) Mar 3, 2022
Path Traversal in SharpZipLib Moderate
CVE-2021-32842 was published for SharpZipLib (NuGet) Feb 1, 2022
Path Traversal in SharpZipLib Moderate
CVE-2021-32841 was published for SharpZipLib (NuGet) Feb 1, 2022
orchardcore is vulnerable to Cross-site Scripting Moderate
CVE-2022-0159 was published for OrchardCore (NuGet) Jan 21, 2022
Cross-site Scripting OrchardCore.Application.Cms.Targets Moderate
CVE-2022-0274 was published for OrchardCore.Application.Cms.Targets (NuGet) Jan 21, 2022
Server side request forgery in SwaggerUI Moderate
GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm) Dec 9, 2021
dinvlad pshelton-skype
Dingjie-Daniel-Yang
Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core Moderate
CVE-2020-29457 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Nov 19, 2021
mregen
Cross-site scripting vulnerability in TinyMCE plugins Moderate
CVE-2024-21910 was published for TinyMCE (Composer) Nov 2, 2021
Cross-site Scripting in PiranhaCMS Moderate
CVE-2021-25977 was published for Piranha (NuGet) Oct 27, 2021
XSS in `*Text` options of the Datepicker widget in jquery-ui Moderate
CVE-2021-41183 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena
XSS in the `of` option of the `.position()` util in jquery-ui Moderate
CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena A-Fitz-Nelnet
XSS in the `altField` option of the Datepicker widget in jquery-ui Moderate
CVE-2021-41182 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
Credential Disclosure in System.DirectoryServices.Protocols Moderate
CVE-2021-41355 was published for System.DirectoryServices.Protocols (NuGet) Oct 12, 2021
Partial path traversal in sharpcompress Moderate
CVE-2021-39208 was published for sharpcompress (NuGet) Sep 20, 2021
JarLob geoffodonnell
ASP.NET Core Information Disclosure Vulnerability Moderate
CVE-2021-34532 was published for Microsoft.AspNetCore.Authentication.JwtBearer (NuGet) Aug 25, 2021
Timing based private key exposure in Bouncy Castle Moderate
CVE-2020-15522 was published for BouncyCastle (Maven) Aug 13, 2021
klaudialax
Unrestricted Upload of File with Dangerous Type in Umbraco CMS Moderate
CVE-2020-9472 was published for UmbracoCms (NuGet) Aug 2, 2021
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard Moderate
CVE-2020-8867 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Aug 2, 2021
Cross-site scripting in bootstrap-select Moderate
CVE-2019-20921 was published for bootstrap-select (npm) May 7, 2021
Authenticated path traversal in Umbraco CMS Moderate
CVE-2020-5811 was published for UmbracoCms (NuGet) Apr 13, 2021
Incorrect permission enforcement in UmbracoCms Moderate
CVE-2020-29454 was published for UmbracoCms (NuGet) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database