Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,877
Erlang
37
GitHub Actions
38
Go
2,532
Maven
5,000+
npm
4,191
NuGet
742
pip
3,970
Pub
12
RubyGems
947
Rust
1,030
Swift
39
Unreviewed advisories
All unreviewed
5,000+

218 advisories

Loading
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes Moderate
CVE-2024-29203 was published for TinyMCE (Composer) Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements Moderate
CVE-2024-29881 was published for TinyMCE (Composer) Mar 26, 2024
FullStackHero's WebAPI Boilerplate host header injection vulnerability Moderate
CVE-2024-26470 was published for FullStackHero.WebAPI.Boilerplate (NuGet) Feb 29, 2024
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
.NET Information Disclosure Vulnerability Moderate
CVE-2022-34716 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 3, 2024
noymaor
Microsoft ASP.NET Core project templates vulnerable to denial of service Moderate
CVE-2024-21319 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024
aried3r
Duplicate Advisory: Microsoft Identity Denial of service vulnerability Moderate
GHSA-8g9c-28fc-mcx2 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024 withdrawn
morganbr brentschmaltz
GeoK keegan-caruso jennyf19 jmprieur
OWASP.AntiSamy mXSS when preserving comments Moderate
CVE-2023-51652 was published for OWASP.AntiSamy (NuGet) Jan 2, 2024
leeN spassarop
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL) Moderate
CVE-2023-51662 was published for Snowflake.Data (NuGet) Dec 22, 2023
TimoVink
Privilege Escalation using Spoofing Moderate
CVE-2023-49273 was published for Umbraco.CMS (NuGet) Dec 13, 2023
jerpenol
DOM-XSS on Backoffice login screen. Moderate
CVE-2023-48313 was published for Umbraco.CMS (NuGet) Dec 13, 2023
RaphaelCSSilva
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Ajax Pro Cross-site Scripting Moderate
CVE-2023-49289 was published for AjaxNetProfessional (NuGet) Dec 5, 2023
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes Moderate
CVE-2023-48219 was published for TinyMCE (Composer) Nov 15, 2023
masatokinugawa
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability Moderate
CVE-2023-36558 was published for Microsoft.AspNetCore.Components (NuGet) Nov 14, 2023
TinyMCE XSS vulnerability in notificationManager.open API Moderate
CVE-2023-45819 was published for TinyMCE (Composer) Oct 19, 2023
ph5i
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin Moderate
CVE-2023-45818 was published for TinyMCE (Composer) Oct 19, 2023
masatokinugawa
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free Moderate
CVE-2023-45814 was published for Bunkum (NuGet) Oct 19, 2023
jvyden
Microsoft Common Data Model SDK Denial of Service Vulnerability Moderate
CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) Oct 10, 2023
degant
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content Moderate
CVE-2023-44390 was published for HtmlSanitizer (NuGet) Oct 4, 2023
Yaniv-git
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Moderate
CVE-2023-36799 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Sep 12, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
SSCMS vulnerable to Cross Site Scripting Moderate
CVE-2023-2862 was published for SSCMS (NuGet) May 24, 2023
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server Moderate
CVE-2023-31048 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) May 5, 2023
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database