Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

661 advisories

Loading
.NET Remote Code Execution Vulnerability High
CVE-2023-24897 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) Jun 14, 2023
NuGet Client Remote Code Execution Vulnerability High
CVE-2023-29337 was published for Microsoft.Build.NuGetSdkResolver (NuGet) Jun 14, 2023
tgstation-server cached user logins in legacy server High
CVE-2018-17107 was published for TGServiceInterface (NuGet) Jun 12, 2023
Cyberboss
Snowflake Connector .Net Command Injection High
CVE-2023-34230 was published for Snowflake.Data (NuGet) Jun 9, 2023
SSCMS vulnerable to Cross Site Scripting Moderate
CVE-2023-2862 was published for SSCMS (NuGet) May 24, 2023
Uncontrolled Resource Consumption in OPC UA .NET Standard Reference Server High
CVE-2023-27321 was published for OPCFoundation.NetStandard.Opc.Ua.Server (NuGet) May 5, 2023
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server Moderate
CVE-2023-31048 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) May 5, 2023
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Cross Site Scripting (XSS) in Serenity Moderate
CVE-2023-31285 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Insufficient token expiration in Serenity High
CVE-2023-31287 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Directory traversal + file write causing arbitrary code execution High
CVE-2023-30626 was published for Jellyfin.Controller (NuGet) Apr 24, 2023
theGEBIRGE
.NET Remote Code Execution vulnerability High
CVE-2023-28260 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) Apr 11, 2023
Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer High
CVE-2023-28638 was published for Snappier (NuGet) Mar 27, 2023
brantburnett
LiteDB may deserialize bad JSON on object type using _type Critical
CVE-2022-23535 was published for LiteDB (NuGet) Feb 24, 2023
MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data High
CVE-2022-48282 was published for MongoDB.Driver (NuGet) Feb 21, 2023
.NET Remote Code Execution Vulnerability High
CVE-2023-21808 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) Feb 14, 2023
Withdrawn Advisory: HTML injections in BTCPayServer High
CVE-2023-0493 was published for BTCPayServer.Client (NuGet) Jan 27, 2023 withdrawn
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader Moderate
GHSA-3w9w-9833-gcpv was published for directxtex_desktop_2019 (NuGet) Jan 26, 2023
Component takeover in Oracle Data Provider for .NET High
CVE-2023-21893 was published for Oracle.ManagedDataAccess (NuGet) Jan 18, 2023
georg-jung alexkeh
.NET Denial of Service Vulnerability High
CVE-2023-21538 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jan 10, 2023
EnumStringValues vulnerable to Uncontrolled Resource Consumption Low
CVE-2020-36620 was published for EnumStringValues (NuGet) Dec 21, 2022
DNS NuGet package uses insufficiently random values Critical
CVE-2021-4248 was published for DNS (NuGet) Dec 18, 2022
.NET Remote Code Execution Vulnerability High
CVE-2022-41089 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Dec 14, 2022
tdunlap607
Duplicate Advisory: .NET Framework Remote Code Execution Vulnerability. High
GHSA-9qcm-fqj9-93m4 was published for Microsoft.WindowsDesktop.App.Runtime.win-x64 (NuGet) Dec 13, 2022 withdrawn
Cross-site scripting vulnerability in TinyMCE alerts Moderate
CVE-2022-23494 was published for TinyMCE (Composer) Dec 8, 2022
P4rkJW
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database