Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
Critical severity vulnerability that affects Auth0-WCF-Service-JWT Critical
CVE-2019-7644 was published for Auth0-WCF-Service-JWT (NuGet) Apr 18, 2019
Critical severity vulnerability that affects recurly-api-client Critical
CVE-2017-0907 was published for recurly-api-client (NuGet) Oct 16, 2018
The installation wizard in DotNetNuke (DNN) allows privilege escalation Critical
CVE-2015-2794 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Remote Code Execution in AjaxNetProfessional Critical
GHSA-6r7c-6w96-8pvw was published for AjaxNetProfessional (NuGet) Dec 7, 2021
h0ng10 mwulftange
MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation Critical
CVE-2019-9845 was published for MadsKristensen.AspNetCore.Miniblog (NuGet) Jul 5, 2019
Imporoper path validation in elFinder.NetCore Critical
CVE-2021-23427 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Deserialization of Untrusted Data in NancyFX Nancy Critical
CVE-2017-9785 was published for Nancy (NuGet) May 17, 2022
Use of Hard-coded Credentials in AgileConfig.Client Critical
CVE-2022-35540 was published for AgileConfig.Client (NuGet) Aug 19, 2022
Deserialization of Untrusted Data in SinGooCMS.Utility Critical
CVE-2022-0749 was published for SinGooCMS.Utility (NuGet) Mar 18, 2022
Double Free in Adplug Critical
CVE-2019-15151 was published for adplug (NuGet) Mar 29, 2021
.NET Core Remote Code Execution Vulnerability Critical
CVE-2021-24112 was published for System.Drawing.Common (NuGet) May 24, 2022
XML External Entity attack in log4net Critical
CVE-2018-1285 was published for log4net (NuGet) Jan 29, 2021
DNS NuGet package uses insufficiently random values Critical
CVE-2021-4248 was published for DNS (NuGet) Dec 18, 2022
Insecure deserialization in Wire Critical
CVE-2021-29508 was published for Wire (NuGet) May 19, 2021
Missing Authorization in FastReport Critical
CVE-2020-27998 was published for FastReport.OpenSource (NuGet) Aug 2, 2021
Remote Code Execution in Halibut Critical
CVE-2021-31819 was published for Halibut (NuGet) Sep 23, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43569 was published for starkbank-ecdsa (NuGet) Nov 10, 2021
curl FTP path confusion leads to NIL byte out of bounds write Critical
CVE-2018-1000120 was published for curl (NuGet) May 14, 2022
joelverhagen
LiteDB may deserialize bad JSON on object type using _type Critical
CVE-2022-23535 was published for LiteDB (NuGet) Feb 24, 2023
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution. Critical
CVE-2022-39256 was published for CompositeC1.Core (NuGet) Sep 30, 2022
tdunlap607
Duplicate Advisory: tgstation-server vulnerable to cached user logins in legacy server Critical
GHSA-7r36-jf3c-jhp4 was published for TGServiceInterface (NuGet) May 13, 2022 withdrawn
QuantConnect Lean vulnerable to insecure deserialization Critical
CVE-2020-20136 was published for QuantConnect.Common (NuGet) May 24, 2022
Improper Input Validation in IpMatcher Critical
CVE-2021-33318 was published for IpMatcher (NuGet) May 17, 2022
AutoUpdater.NET allows XXE Critical
CVE-2019-20627 was published for Autoupdater.NET.Official (NuGet) May 24, 2022
CefSharp affected by heap buffer overflow in WebP Critical
GHSA-j646-gj5p-p45g was published for CefSharp.Common (NuGet) Sep 21, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database