Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

704 advisories

Loading
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments Critical
CVE-2025-43858 was published for YoutubeDLSharp (NuGet) Apr 23, 2025
kitsumed alxnull
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability Critical
CVE-2025-29953 was published for Apache.NMS.ActiveMQ (NuGet) Apr 18, 2025
Infinite loop condition in Amazon.IonDotnet High
CVE-2025-3857 was published for Amazon.IonDotnet (NuGet) Apr 21, 2025
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024
alexeyNeklesa-idt metametadata
Cross-site Scripting in jquery-ui Moderate
CVE-2010-5312 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows High
GHSA-f87w-3j5w-v58p was published for CefSharp.OffScreen (NuGet) Apr 12, 2025
Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs Moderate
CVE-2025-32016 was published for Microsoft.Identity.Abstractions (NuGet) Apr 9, 2025
MarcelMichau jmprieur
jennyf19 keegan-caruso rymeskar
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF) Moderate
CVE-2025-32372 was published for DotNetNuke.Core (NuGet) Apr 9, 2025
s0nnyWT valadas
david-poindexter
CoreWCF NetFraming based services can leave connections open when they should be closed High
CVE-2024-28252 was published for CoreWCF.NetFramingBase (NuGet) Mar 15, 2024
mirek-kopacka birojnayak
mconnew
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users High
CVE-2025-32017 was published for Umbraco.Cms (NuGet) Apr 9, 2025
ggisz
Blogifier does not properly restrict APIs Critical
CVE-2019-12277 was published for Blogifier.Core (NuGet) May 24, 2022
.NET Denial of Service Vulnerability High
CVE-2024-43499 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
yusuke-koyoshi
High severity vulnerability that affects System.Management.Automation High
CVE-2019-1301 was published for System.Management.Automation (NuGet) Sep 13, 2019
TravisEz13
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability High
CVE-2024-43484 was published for System.IO.Packaging (NuGet) Oct 8, 2024
rbhanda
Code injection in RazorEngine Critical
CVE-2021-46703 was published for RazorEngine (NuGet) Mar 7, 2022
skofman1 malmor
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability High
CVE-2025-24043 was published for dotnet-debugger-extensions (NuGet) Mar 7, 2025
hoyosjs
Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content Moderate
CVE-2025-27602 was published for Umbraco.Cms.Web.Backoffice (NuGet) Mar 11, 2025
hazemeldoc
Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality Moderate
CVE-2025-27601 was published for Umbraco.Cms.Api.Management (NuGet) Mar 11, 2025
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability High
CVE-2025-24070 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2025
Out-of-bounds Write in SixLabors ImageSharp High
CVE-2025-27598 was published for SixLabors.ImageSharp (NuGet) Mar 6, 2025
andreas-eriksson
DoS Vulnerability in TraceContextPropagator.Extract - OpenTelemetry.Api High
GHSA-vc29-vg52-6643 was published for OpenTelemetry.AutoInstrumentation (NuGet) Mar 6, 2025
OpenTelemetry .NET has Denial of Service (DoS) Vulnerability in API Package Moderate
CVE-2025-27513 was published for OpenTelemetry.Api (NuGet) Mar 5, 2025
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-42512 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Mar 3, 2025
TomTervoort
Duplicate Advisory: Authorization Bypass in OPC UA .NET Standard Stack High
GHSA-qv5f-57gw-vx3h was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database