GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
180 advisories
Filter by severity
DSInternals Credential Roaming Elevation of Privilege Vulnerability
Moderate
GHSA-vx2x-9cff-fhjw
was published
for
DSInternals.Common
(NuGet)
Dec 6, 2022
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
Moderate
CVE-2019-12562
was published
for
DotNetNuke.Core
(NuGet)
Nov 18, 2019
Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET
Moderate
CVE-2020-5268
was published
for
Sustainsys.Saml2
(NuGet)
Apr 22, 2020
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Moderate
CVE-2020-11005
was published
for
HaemmerElectronics.SeppPenner.WindowsHello
(NuGet)
Apr 14, 2020
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
Moderate
CVE-2016-7119
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Moderate
GHSA-3m2r-q8x3-xmf7
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core
Moderate
GHSA-cgpw-2gph-2r9g
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
Moderate
CVE-2018-12087
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
OPC UA applications can allow a remote attacker to determine a Server's private key
Moderate
CVE-2018-7559
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects DotNetNuke.Core
Moderate
CVE-2015-1566
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2019-0746
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
System.Management.Automation subject to bypass via script debugging
Moderate
CVE-2019-1167
was published
for
System.Management.Automation
(NuGet)
Jul 17, 2019
Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp
Moderate
CVE-2022-24849
was published
for
DisCatSharp
(NuGet)
Apr 22, 2022
Improper Input Validation in .Net Framework API's
Moderate
CVE-2019-0657
was published
for
Microsoft.NETCore.App
(NuGet)
May 14, 2022
Improper Access Control in Telerik Extensions
Moderate
CVE-2018-17060
was published
for
TelerikMvcExtensions
(NuGet)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib
Moderate
CVE-2018-1002208
was published
for
SharpZipLib
(NuGet)
May 13, 2022
Tampering vulnerability in .NET Core
Moderate
CVE-2018-8416
was published
for
Microsoft.NETCore.App
(NuGet)
May 13, 2022
Open redirect in ASP.NET Core
Moderate
CVE-2019-1075
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 24, 2022
Cross site scripting in SiteServer CMS
Moderate
CVE-2021-42656
was published
for
SSCMS
(NuGet)
May 25, 2022
Cross-site Scripting in ZKEACMS
Moderate
CVE-2022-29362
was published
for
ZKEACMS.Publisher
(NuGet)
May 26, 2022
Cross site scripting attack in ServiceStack Framework
Moderate
CVE-2019-1010199
was published
for
ServiceStack
(NuGet)
May 24, 2022
Weak private key generation in SSH.NET
Moderate
CVE-2022-29245
was published
for
SSH.NET
(NuGet)
Jun 1, 2022
OrchardCore vulnerable to HTML injection
Moderate
CVE-2022-32173
was published
for
OrchardCore
(NuGet)
Oct 4, 2022
DNN vulnerable to Relative Path Traversal
Moderate
CVE-2022-2922
was published
for
DotNetNuke.Core
(NuGet)
Oct 1, 2022
ProTip!
Advisories are also available from the
GraphQL API