Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

720 advisories

Loading
Umbraco CMS disclosure of configured password requirements Moderate
CVE-2025-49147 was published for Umbraco.Cms (NuGet) Jun 24, 2025
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input High
CVE-2025-52488 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
infosec-au
DNN.PLATFORM possibly allows bypass of IP Filters High
CVE-2025-52487 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
valadas bdukes
mitchelsellers
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed Moderate
CVE-2025-52485 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
bdukes valadas
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects Moderate
CVE-2025-52486 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
bdukes valadas
DotVVM allows path traversal when deployed in Debug mode High
GHSA-6q65-j4jw-9cg8 was published for DotVVM (NuGet) Jun 19, 2025
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates Moderate
CVE-2025-49015 was published for CouchbaseNetClient (NuGet) Jun 18, 2025
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability High
CVE-2025-30399 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jun 11, 2025
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads Moderate
CVE-2025-48953 was published for Umbraco.Cms (NuGet) Jun 4, 2025
00mpal00mpa
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline Moderate
CVE-2025-48378 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
Reflected Cross-Site Scripting (XSS) in module actions in edit mode Moderate
CVE-2025-48377 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
DNN site Import could use an external source with a crafted request Low
CVE-2025-48376 was published for DotNetNuke.SiteExportImport (NuGet) May 23, 2025
valadas donker
bdukes
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability High
CVE-2025-26646 was published for Microsoft.Build.Tasks.Core (NuGet) May 13, 2025
udlose
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow Low
CVE-2025-47280 was published for Umbraco.Forms (NuGet) May 13, 2025
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response Moderate
CVE-2025-46736 was published for Umbraco.Cms (NuGet) May 6, 2025
arneHildrum KireB
krieriks
Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file Low
CVE-2025-46326 was published for Snowflake.Data (NuGet) Apr 28, 2025
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments Critical
CVE-2025-43858 was published for YoutubeDLSharp (NuGet) Apr 23, 2025
kitsumed alxnull
Infinite loop condition in Amazon.IonDotnet High
CVE-2025-3857 was published for Amazon.IonDotnet (NuGet) Apr 21, 2025
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability Critical
CVE-2025-29953 was published for Apache.NMS.ActiveMQ (NuGet) Apr 18, 2025
CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows High
GHSA-f87w-3j5w-v58p was published for CefSharp.OffScreen (NuGet) Apr 12, 2025
Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs Moderate
CVE-2025-32016 was published for Microsoft.Identity.Abstractions (NuGet) Apr 9, 2025
MarcelMichau jmprieur
jennyf19 keegan-caruso rymeskar
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF) Moderate
CVE-2025-32372 was published for DotNetNuke.Core (NuGet) Apr 9, 2025
s0nnyWT valadas
david-poindexter
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users High
CVE-2025-32017 was published for Umbraco.Cms (NuGet) Apr 9, 2025
ggisz
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability High
CVE-2025-24070 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2025
dwelch2344 udlose
Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content Moderate
CVE-2025-27602 was published for Umbraco.Cms.Web.Backoffice (NuGet) Mar 11, 2025
hazemeldoc
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database