GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
180 advisories
Filter by severity
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
jQuery
(RubyGems)
Apr 29, 2020
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET
Moderate
CVE-2020-5268
was published
for
Sustainsys.Saml2
(NuGet)
Apr 22, 2020
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Moderate
CVE-2020-11005
was published
for
HaemmerElectronics.SeppPenner.WindowsHello
(NuGet)
Apr 14, 2020
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack
Moderate
CVE-2020-5234
was published
for
MessagePack
(NuGet)
Jan 31, 2020
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
Moderate
CVE-2019-12562
was published
for
DotNetNuke.Core
(NuGet)
Nov 18, 2019
Directory Traversal in SharpCompress
Moderate
CVE-2018-1002206
was published
for
sharpcompress
(NuGet)
Sep 11, 2019
Cross-site scripting in CLEditor
Moderate
CVE-2019-1010113
was published
for
CLEditor
(NuGet)
Jul 26, 2019
System.Management.Automation subject to bypass via script debugging
Moderate
CVE-2019-1167
was published
for
System.Management.Automation
(NuGet)
Jul 17, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Duplicate Advisory: Prototype Pollution in jquery
Moderate
CVE-2019-5428
was published
for
jquery
(RubyGems)
Apr 23, 2019
•
withdrawn
Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2019-0746
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core
Moderate
GHSA-cgpw-2gph-2r9g
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Moderate
GHSA-3m2r-q8x3-xmf7
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Moderate
CVE-2017-0248
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
OPC UA applications can allow a remote attacker to determine a Server's private key
Moderate
CVE-2018-7559
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
Moderate
CVE-2017-0256
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
Moderate
CVE-2018-12087
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
Moderate
CVE-2016-7119
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects DotNetNuke.Core
Moderate
CVE-2015-1566
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
ProTip!
Advisories are also available from the
GraphQL API