GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Oqtane Framework Insecure Direct Object Reference vulnerability
Low
CVE-2024-55186
was published
for
Oqtane.Client
(NuGet)
Dec 20, 2024
.NET Denial of Service Vulnerability
Low
CVE-2024-43499
was published
for
System.Formats.Nrbf
(NuGet)
Nov 12, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Low
CVE-2024-48925
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Umbraco CMS Cross-site Scripting vulnerability
Low
CVE-2024-10761
was published
for
Umbraco.Cms.Core
(NuGet)
Nov 4, 2024
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Low
CVE-2024-49755
was published
for
Duende.IdentityServer
(NuGet)
Oct 28, 2024
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Low
CVE-2023-49089
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
Low
CVE-2024-40636
was published
for
Steeltoe.Discovery.ClientAutofac
(NuGet)
Jul 17, 2024
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Low
CVE-2024-35239
was published
for
Umbraco.Forms
(NuGet)
May 28, 2024
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Low
CVE-2024-27086
was published
for
Microsoft.Identity.Client
(NuGet)
Apr 16, 2024
Umbraco possible user enumeration
Low
CVE-2024-28868
was published
for
UmbracoCMS
(NuGet)
Mar 20, 2024
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Low
CVE-2023-49274
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Backoffice User can bypass "Publish" restriction
Low
CVE-2023-48227
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Brute force exploit can be used to collect valid usernames
Low
CVE-2023-49278
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Possible injection of HTML into user invite mails
Low
CVE-2023-38694
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Stored XSS via SVG File Upload
Low
CVE-2023-49279
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Stale copy of the public suffix list
Low
GHSA-w4x6-hh3x-wjrx
was published
for
Gsemac.Net
(NuGet)
Dec 11, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent
Low
CVE-2021-22143
was published
for
Elastic.Apm
(NuGet)
Nov 22, 2023
Moq v4.20.0-rc to 4.20.1 share hashed user data
Low
GHSA-6r78-m64m-qwcf
was published
for
moq
(NuGet)
Aug 10, 2023
Use of Sha-1 in tusdotnet
Low
CVE-2021-44150
was published
for
tusdotnet
(NuGet)
Nov 29, 2021
•
withdrawn
EnumStringValues vulnerable to Uncontrolled Resource Consumption
Low
CVE-2020-36620
was published
for
EnumStringValues
(NuGet)
Dec 21, 2022
personnummer/csharp vulnerable to Improper Input Validation
Low
GHSA-qv8q-v995-72gr
was published
for
personnummer
(NuGet)
Sep 9, 2020
Low severity vulnerability that affects Gw2Sharp
Low
GHSA-4vr3-9v7h-5f8v
was published
for
Gw2Sharp
(NuGet)
Jun 18, 2019
ProTip!
Advisories are also available from the
GraphQL API