GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
657 advisories
Filter by severity
HTTP Client uses incorrect token after refresh
Moderate
CVE-2024-51987
was published
for
Duende.AccessTokenManagement.OpenIdConnect
(NuGet)
Nov 7, 2024
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Critical
CVE-2024-51501
was published
for
Refit
(NuGet)
Nov 4, 2024
Umbraco CMS Cross-site Scripting vulnerability
Low
CVE-2024-10761
was published
for
Umbraco.Cms.Core
(NuGet)
Nov 4, 2024
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability
High
CVE-2024-43383
was published
for
Lucene.Net.Replicator
(NuGet)
Oct 31, 2024
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected
Moderate
CVE-2024-50353
was published
for
ICG.AspNetCore.Utilities.CloudStorage
(NuGet)
Oct 30, 2024
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Low
CVE-2024-49755
was published
for
Duende.IdentityServer
(NuGet)
Oct 28, 2024
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Moderate
CVE-2024-48929
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Moderate
CVE-2024-48927
was published
for
Umbraco.Cms
(NuGet)
Oct 22, 2024
Umbraco CMS logout page displayed before session expiration
Moderate
CVE-2024-48926
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Low
CVE-2024-48925
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate
CVE-2024-47819
was published
for
@umbraco-cms/backoffice
(npm)
Oct 22, 2024
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-45526
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 18, 2024
Security Update for the OPC UA .NET Standard Stack
High
GHSA-qm9f-c3v9-wphv
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 18, 2024
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Moderate
CVE-2024-48924
was published
for
MessagePack
(NuGet)
Oct 17, 2024
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
High
CVE-2024-43485
was published
for
System.Text.Json
(NuGet)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
High
CVE-2024-43484
was published
for
System.IO.Packaging
(NuGet)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
High
CVE-2024-43483
was published
for
Microsoft.Extensions.Caching.Memory
(NuGet)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
High
CVE-2024-38229
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Oct 8, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
CVE-2024-45302
was published
for
RestSharp
(NuGet)
Aug 29, 2024
Serilog Client IP Spoofing vulnerability
Moderate
CVE-2024-44930
was published
for
Serilog.Enrichers.ClientInfo
(NuGet)
Aug 29, 2024
Umbraco CMS Improper Access Control vulnerability
Moderate
CVE-2024-43377
was published
for
Umbraco.Cms
(NuGet)
Aug 20, 2024
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-43376
was published
for
Umbraco.Cms.Api.Management
(NuGet)
Aug 20, 2024
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
High
CVE-2024-38168
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm
(NuGet)
Aug 13, 2024
Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability
Moderate
CVE-2024-38167
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Aug 13, 2024
ProTip!
Advisories are also available from the
GraphQL API