Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
Critical severity vulnerability that affects recurly-api-client Critical
CVE-2017-0907 was published for recurly-api-client (NuGet) Oct 16, 2018
The installation wizard in DotNetNuke (DNN) allows privilege escalation Critical
CVE-2015-2794 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Critical severity vulnerability that affects Auth0-WCF-Service-JWT Critical
CVE-2019-7644 was published for Auth0-WCF-Service-JWT (NuGet) Apr 18, 2019
MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation Critical
CVE-2019-9845 was published for MadsKristensen.AspNetCore.Miniblog (NuGet) Jul 5, 2019
XML External Entity attack in log4net Critical
CVE-2018-1285 was published for log4net (NuGet) Jan 29, 2021
Double Free in Adplug Critical
CVE-2019-15151 was published for adplug (NuGet) Mar 29, 2021
.NET Core Remote Code Execution Vulnerability Critical
CVE-2021-26701 was published for System.Text.Encodings.Web (NuGet) Apr 21, 2021
Insecure deserialization in Wire Critical
CVE-2021-29508 was published for Wire (NuGet) May 19, 2021
Missing Authorization in FastReport Critical
CVE-2020-27998 was published for FastReport.OpenSource (NuGet) Aug 2, 2021
Imporoper path validation in elFinder.NetCore Critical
CVE-2021-23427 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Remote Code Execution in Halibut Critical
CVE-2021-31819 was published for Halibut (NuGet) Sep 23, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43569 was published for starkbank-ecdsa (NuGet) Nov 10, 2021
Remote Code Execution in AjaxNetProfessional Critical
GHSA-6r7c-6w96-8pvw was published for AjaxNetProfessional (NuGet) Dec 7, 2021
h0ng10 mwulftange
Remote Code Execution in AjaxNetProfessional Critical
CVE-2021-23758 was published for AjaxNetProfessional (NuGet) Dec 16, 2021
Deserialization of Untrusted Data in SinGooCMS.Utility Critical
CVE-2022-0749 was published for SinGooCMS.Utility (NuGet) Mar 18, 2022
ChakraCore RCE Vulnerability Critical
CVE-2018-8500 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore vulnerable to privilege escalation Critical
CVE-2017-11767 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
Duplicate Advisory: tgstation-server vulnerable to cached user logins in legacy server Critical
GHSA-7r36-jf3c-jhp4 was published for TGServiceInterface (NuGet) May 13, 2022 withdrawn
curl FTP path confusion leads to NIL byte out of bounds write Critical
CVE-2018-1000120 was published for curl (NuGet) May 14, 2022
joelverhagen
Improper Input Validation in IpMatcher Critical
CVE-2021-33318 was published for IpMatcher (NuGet) May 17, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-8658 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
Deserialization of Untrusted Data in NancyFX Nancy Critical
CVE-2017-9785 was published for Nancy (NuGet) May 17, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-0223 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
New Relic .NET Agent contains SQL Injection Critical
CVE-2017-9246 was published for NewRelic.Agent (NuGet) May 17, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-0252 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database