GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
                  
                    
                      
                      All reviewed
                    
                    
                      5,000+
                    
                  
                  
                    
                      
                      Composer
                    
                    
                      4,950
                    
                  
                  
                    
                      
                      Erlang
                    
                    
                      39
                    
                  
                  
                    
                      
                      GitHub Actions
                    
                    
                      38
                    
                  
                  
                    
                      
                      Go
                    
                    
                      2,603
                    
                  
                  
                    
                      
                      Maven
                    
                    
                      5,000+
                    
                  
                  
                    
                      
                      npm
                    
                    
                      4,250
                    
                  
                  
                    
                      
                      NuGet
                    
                    
                      755
                    
                  
                  
                    
                      
                      pip
                    
                    
                      4,013
                    
                  
                  
                    
                      
                      Pub
                    
                    
                      12
                    
                  
                  
                    
                      
                      RubyGems
                    
                    
                      953
                    
                  
                  
                    
                      
                      Rust
                    
                    
                      1,048
                    
                  
                  
                    
                      
                      Swift
                    
                    
                      45
                    
                  
                  Unreviewed advisories
                  
                    
                      
                      All unreviewed
                    
                    
                      5,000+
                    
                  
            445 advisories
        Filter by severity
        
      
      
    
                    
                      Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2025-24070
                      
                      was published
                        for
                        
                          Microsoft.AspNetCore.App.Runtime.linux-arm
                        
                        (NuGet)
                      Mar 11, 2025 
                    
                  
                    
                      .NET Denial of Service Vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2023-38180
                      
                      was published
                        for
                        
                          Microsoft.AspNetCore.App.Runtime.win-arm64
                        
                        (NuGet)
                      Aug 9, 2023 
                    
                  
                    
                      .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2020-1147
                      
                      was published
                        for
                        
                          Microsoft.NETCore.App
                        
                        (NuGet)
                      May 24, 2022 
                    
                  
                    
                      Inadequate Encryption Strength in DotNetNuke
                    
                      
  High
                    
                
                      
                        CVE-2018-18325
                      
                      was published
                        for
                        
                          DotNetNuke.Core
                        
                        (NuGet)
                      Jul 5, 2019 
                    
                  
                    
                      Inadequate Encryption Strength in DotNetNuke
                    
                      
  High
                    
                
                      
                        CVE-2018-15811
                      
                      was published
                        for
                        
                          DotNetNuke.Core
                        
                        (NuGet)
                      Jul 5, 2019 
                    
                  
                    
                      ChakraCore RCE Vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2018-8298
                      
                      was published
                        for
                        
                          Microsoft.ChakraCore
                        
                        (NuGet)
                      May 13, 2022 
                    
                  
                    
                      ChakraCore RCE Vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2016-7200
                      
                      was published
                        for
                        
                          Microsoft.ChakraCore
                        
                        (NuGet)
                      May 14, 2022 
                    
                  
                    
                      ChakraCore RCE Vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2016-7201
                      
                      was published
                        for
                        
                          Microsoft.ChakraCore
                        
                        (NuGet)
                      May 14, 2022 
                    
                  
                    
                      Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2025-55247
                      
                      was published
                        for
                        
                          Microsoft.Build
                        
                        (NuGet)
                      Oct 15, 2025 
                    
                  
                    
                      Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability
                    
                      
  High
                    
                
                      
                        GHSA-q8g5-rw97-f55h
                      
                      was published
                        for
                        
                          Microsoft.Build.Tasks.Core
                        
                        (NuGet)
                      Oct 14, 2025 
                        •
                        
                          withdrawn
                    
                  
                    
                      Infinite loop condition in Amazon.IonDotnet
                    
                      
  High
                    
                
                      
                        CVE-2025-3857
                      
                      was published
                        for
                        
                          Amazon.IonDotnet
                        
                        (NuGet)
                      Apr 21, 2025 
                    
                  
                    
                      PowerShell Elevation of Privilege Vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2022-26788
                      
                      was published
                        for
                        
                          Microsoft.PowerShell.SDK
                        
                        (NuGet)
                      Apr 16, 2022 
                    
                  
                    
                      ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution
                    
                      
  High
                    
                
                      
                        CVE-2025-55298
                      
                      was published
                        for
                        
                          Magick.NET-Q16-AnyCPU
                        
                        (NuGet)
                      Aug 26, 2025 
                    
                  
                    
                      Amazon.IonDotnet is vulnerable to Denial of Service attacks
                    
                      
  High
                    
                
                      
                        CVE-2025-11573
                      
                      was published
                        for
                        
                          Amazon.IonDotnet
                        
                        (NuGet)
                      Oct 9, 2025 
                    
                  
                    
                      ImageMagick has a Stack Buffer Overflow in image.c
                    
                      
  High
                    
                
                      
                        CVE-2025-53101
                      
                      was published
                        for
                        
                          Magick.NET-Q16-AnyCPU
                        
                        (NuGet)
                      Aug 25, 2025 
                    
                  
                    
                      Out-of-bounds Write in Chakra
                    
                      
  High
                    
                
                      
                        CVE-2020-17131
                      
                      was published
                        for
                        
                          Microsoft.ChakraCore
                        
                        (NuGet)
                      Apr 13, 2021 
                    
                  
                    
                      ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow
                    
                      
  High
                    
                
                      
                        CVE-2025-57803
                      
                      was published
                        for
                        
                          Magick.NET-Q16-AnyCPU
                        
                        (NuGet)
                      Aug 26, 2025 
                    
                  
                    
                      Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers
                    
                      
  High
                    
                
                      
                        CVE-2021-22570
                      
                      was published
                        for
                        
                          Google.Protobuf
                        
                        (Composer)
                      Jan 27, 2022 
                        •
                        
                          withdrawn
                    
                  
                    
                      imagemagick: integer overflows in MNG magnification
                    
                      
  High
                    
                
                      
                        CVE-2025-55154
                      
                      was published
                        for
                        
                          Magick.NET-Q16-AnyCPU
                        
                        (NuGet)
                      Aug 25, 2025 
                    
                  
                    
                      imagemagick: heap-buffer overflow read in MNG magnification with alpha
                    
                      
  High
                    
                
                      
                        CVE-2025-55004
                      
                      was published
                        for
                        
                          Magick.NET-Q16-AnyCPU
                        
                        (NuGet)
                      Aug 25, 2025 
                    
                  
                    
                      ImageMagick has XMP profile write that triggers hang due to unbounded loop
                    
                      
  High
                    
                
                      
                        CVE-2025-53015
                      
                      was published
                        for
                        
                          Magick.NET-Q16-AnyCPU
                        
                        (NuGet)
                      Jul 23, 2025 
                    
                  
                    
                      protobuf susceptible to buffer overflow
                    
                      
  High
                    
                
                      
                        CVE-2015-5237
                      
                      was published
                        for
                        
                          Google.Protobuf
                        
                        (Composer)
                      May 13, 2022 
                    
                  
                    
                      libwebp: OOB write in BuildHuffmanTable
                    
                      
  High
                    
                
                      
                        CVE-2023-4863
                      
                      was published
                        for
                        
                          Pillow
                        
                        (Go)
                      Sep 12, 2023 
                    
                  
                    
                      DNN.PLATFORM possibly allows bypass of IP Filters
                    
                      
  High
                    
                
                      
                        CVE-2025-52487
                      
                      was published
                        for
                        
                          DNN.PLATFORM
                        
                        (NuGet)
                      Jun 20, 2025 
                    
                  
        
        ProTip!
        Advisories are also available from the 
        GraphQL API