GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
638 advisories
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack
Moderate • CVE-2020-5234 was published for MessagePack (NuGet) • Jan 31, 2020

Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
Moderate • CVE-2019-12562 was published for DotNetNuke.Core (NuGet) • Nov 18, 2019

Improper Authentication in Auth0.AuthenticationApi
High • CVE-2019-16929 was published for Auth0.AuthenticationApi (NuGet) • Oct 24, 2019

High severity vulnerability that affects PeterO.Cbor
High • GHSA-cxw4-9qv9-vx5h was published for PeterO.Cbor (NuGet) • Sep 30, 2019

High severity vulnerability that affects System.Management.Automation
High • CVE-2019-1301 was published for System.Management.Automation (NuGet) • Sep 13, 2019

Directory Traversal in SharpCompress
Moderate • CVE-2018-1002206 was published for sharpcompress (NuGet) • Sep 11, 2019

Uncontrolled Resource Consumption in MetadataExtractor
High • CVE-2019-14262 was published for MetadataExtractor (NuGet) • Aug 23, 2019

Vulnerability in Azure Active Directory Authentication Library
High • CVE-2019-1258 was published for microsoft.identitymodel.clients.activedirectory (NuGet) • Aug 16, 2019

Cross-site scripting in CLEditor
Moderate • CVE-2019-1010113 was published for CLEditor (NuGet) • Jul 26, 2019

System.Management.Automation subject to bypass via script debugging
Moderate • CVE-2019-1167 was published for System.Management.Automation (NuGet) • Jul 17, 2019

MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation
Critical • CVE-2019-9845 was published for MadsKristensen.AspNetCore.Miniblog (NuGet) • Jul 5, 2019

Inadequate Encryption Strength in DotNetNuke
High • CVE-2018-15811 was published for DotNetNuke.Core (NuGet) • Jul 5, 2019

Insufficient Entropy in DotNetNuke
High • CVE-2018-15812 was published for DotNetNuke.Core (NuGet) • Jul 5, 2019

Insufficient Entropy in DotNetNuke
High • CVE-2018-18326 was published for DotNetNuke.Core (NuGet) • Jul 5, 2019

Inadequate Encryption Strength in DotNetNuke
High • CVE-2018-18325 was published for DotNetNuke.Core (NuGet) • Jul 5, 2019

Low severity vulnerability that affects Gw2Sharp
Low • GHSA-4vr3-9v7h-5f8v was published for Gw2Sharp (NuGet) • Jun 18, 2019

XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate • CVE-2019-11358 was published for django (RubyGems) • Apr 26, 2019

Duplicate Advisory: Prototype Pollution in jquery
Moderate • CVE-2019-5428 was published for jquery (RubyGems) • Apr 23, 2019 • withdrawn

Critical severity vulnerability that affects Auth0-WCF-Service-JWT
Critical • CVE-2019-7644 was published for Auth0-WCF-Service-JWT (NuGet) • Apr 18, 2019

High severity vulnerability that affects Microsoft.ChakraCore
High • CVE-2019-0639 was published for Microsoft.ChakraCore (NuGet) • Apr 9, 2019

High severity vulnerability that affects Microsoft.ChakraCore
High • CVE-2019-0609 was published for Microsoft.ChakraCore (NuGet) • Apr 9, 2019

High severity vulnerability that affects Microsoft.ChakraCore
High • CVE-2019-0592 was published for Microsoft.ChakraCore (NuGet) • Apr 9, 2019

High severity vulnerability that affects Microsoft.ChakraCore
High • CVE-2019-0611 was published for Microsoft.ChakraCore (NuGet) • Apr 9, 2019

High severity vulnerability that affects Microsoft.ChakraCore
High • CVE-2019-0769 was published for Microsoft.ChakraCore (NuGet) • Apr 9, 2019

Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate • CVE-2019-0746 was published for Microsoft.ChakraCore (NuGet) • Apr 9, 2019

ProTip! Advisories are also available from the GraphQL API