GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
650 advisories
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
High | CVE-2024-43485 was published for System.Text.Json (NuGet) | Oct 8, 2024
Umbraco CMS logout page displayed before session expiration
Moderate | CVE-2024-48926 was published for Umbraco.CMS (NuGet) | Oct 22, 2024
Security Update for the OPC UA .NET Standard Stack
Moderate | CVE-2024-45526 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) | Oct 18, 2024
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Moderate | CVE-2024-48929 was published for Umbraco.CMS (NuGet) | Oct 22, 2024
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Moderate | CVE-2024-48927 was published for Umbraco.Cms (NuGet) | Oct 22, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Low | CVE-2024-48925 was published for Umbraco.CMS (NuGet) | Oct 22, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate | CVE-2024-47819 was published for @umbraco-cms/backoffice (npm) | Oct 22, 2024
NULL Pointer Dereference in Protocol Buffers
High | CVE-2021-22570 was published for Google.Protobuf (Composer) | Jan 27, 2022
protobuf susceptible to buffer overflow
High | CVE-2015-5237 was published for Google.Protobuf (Composer) | May 13, 2022
Security Update for the OPC UA .NET Standard Stack
High | GHSA-qm9f-c3v9-wphv was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) | Oct 18, 2024
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Moderate | CVE-2024-48924 was published for MessagePack (NuGet) | Oct 17, 2024
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack
Moderate | CVE-2020-5234 was published for MessagePack (NuGet) | Jan 31, 2020
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
High | CVE-2024-43483 was published for Microsoft.Extensions.Caching.Memory (NuGet) | Oct 8, 2024
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
High | CVE-2023-41890 was published for Kentor.AuthServices (NuGet) | Sep 20, 2023
Cross-Site Scripting in jquery
Moderate | CVE-2020-7656 was published for jQuery (RubyGems) | May 20, 2020
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server
Moderate | CVE-2023-31048 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) | May 5, 2023
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
High | CVE-2024-38229 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) | Oct 8, 2024
ASP.NET Core and Visual Studio Denial of Service Vulnerability
High | CVE-2021-1723 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) | May 24, 2022
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
High | CVE-2024-43484 was published for System.IO.Packaging (NuGet) | Oct 8, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate | CVE-2024-45302 was published for RestSharp (NuGet) | Aug 29, 2024
Temporary File Information Disclosure vulnerability in MPXJ
Low | CVE-2022-41954 was published for mpxj (Maven) | Nov 28, 2022
.NET Elevation of Privilege Vulnerability
High | CVE-2024-21409 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) | Apr 17, 2024
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Moderate | CVE-2024-35218 was published for UmbracoCms.Core (NuGet) | May 21, 2024
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Low | CVE-2023-49089 was published for Umbraco.CMS (NuGet) | Dec 13, 2023
Component takeover in Oracle Data Provider for .NET
High | CVE-2023-21893 was published for Oracle.ManagedDataAccess (NuGet) | Jan 18, 2023
ProTip! Advisories are also available from the GraphQL API