GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
Improper Authentication
High
GHSA-qxx8-292g-2w66
was published
for
Microsoft.Bot.Connector
(NuGet)
Mar 8, 2021
Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core
High
CVE-2022-29863
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jun 17, 2022
Security Update for the OPC UA .NET Standard Stack
High
CVE-2022-29862
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jun 17, 2022
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core
High
CVE-2022-29864
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jun 17, 2022
Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core
High
CVE-2022-29865
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jun 17, 2022
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core
High
CVE-2022-29866
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jun 17, 2022
Incorrect Regular Expression in RestSharp
High
CVE-2021-27293
was published
for
RestSharp
(NuGet)
Jul 14, 2021
.NET Remote Code Execution Vulnerability
High
CVE-2022-41089
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Dec 14, 2022
AjaxNetProfessional deserializes arbitrary JavaScript objects
High
CVE-2021-43853
was published
for
AjaxNetProfessional
(NuGet)
Jan 6, 2022
Vulnerable version of libwebp and can be exploited with a malicious source image
High
GHSA-wqcr-xm43-hpqr
was published
for
ImageResizer.Plugins.FreeImage
(NuGet)
Oct 6, 2023
Imageflow affected by libwebp zero-day and should not be used with malicious source images.
High
GHSA-7vpr-3ppw-qrpj
was published
for
ImageResizer.Plugins.Imageflow
(NuGet)
Sep 27, 2023
Snowflake Connector .Net Command Injection
High
CVE-2023-34230
was published
for
Snowflake.Data
(NuGet)
Jun 9, 2023
Directory traversal + file write causing arbitrary code execution
High
CVE-2023-30626
was published
for
Jellyfin.Controller
(NuGet)
Apr 24, 2023
.NET Denial of Service Vulnerability
High
CVE-2022-38013
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Sep 15, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-23267
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Oct 21, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-29117
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Aug 30, 2022
.NET Denial of Service Vulnerability
High
CVE-2022-29145
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Aug 30, 2022
Denial of service in CBOR library
High
CVE-2024-21909
was published
for
PeterO.Cbor
(NuGet)
Jan 21, 2022
Cookie parsing failure
High
CVE-2020-1045
was published
for
Microsoft.AspNetCore.App
(NuGet)
May 24, 2022
TrueLayer.Client SSRF when fetching payment or payment provider
High
CVE-2024-23838
was published
for
TrueLayer.Client
(NuGet)
Jan 30, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-259p-rvjx-ffwg
was published
for
PanelSW.Custom.WiX
(NuGet)
Feb 8, 2024
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-8v28-3g86-chj5
was published
for
PanelSwWix4.Sdk
(NuGet)
Feb 8, 2024
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
CVE-2024-24810
was published
for
wix
(NuGet)
Feb 8, 2024
NuGet Elevation of Privilege Vulnerability
High
CVE-2022-41032
was published
for
NuGet.CommandLine
(NuGet)
Oct 11, 2022
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
High
CVE-2024-29188
was published
for
WixToolset.Util.wixext
(NuGet)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API