GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

57 advisories

Use of Hard-coded Credentials in AgileConfig.Client Critical
CVE-2022-35540 was published for AgileConfig.Client (NuGet) Aug 19, 2022
.NET Core Remote Code Execution Vulnerability Critical
CVE-2021-24112 was published for System.Drawing.Common (NuGet) May 24, 2022
QuantConnect Lean vulnerable to insecure deserialization Critical
CVE-2020-20136 was published for QuantConnect.Common (NuGet) May 24, 2022
AutoUpdater.NET allows XXE Critical
CVE-2019-20627 was published for Autoupdater.NET.Official (NuGet) May 24, 2022
Blogifier does not properly restrict APIs Critical
CVE-2019-12277 was published for Blogifier.Core (NuGet) May 24, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
Credited to MarkLee131
ChakraCore RCE Vulnerability Critical
CVE-2017-0252 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
New Relic .NET Agent contains SQL Injection Critical
CVE-2017-9246 was published for NewRelic.Agent (NuGet) May 17, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-0223 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
Deserialization of Untrusted Data in NancyFX Nancy Critical
CVE-2017-9785 was published for Nancy (NuGet) May 17, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-8658 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
Improper Input Validation in IpMatcher Critical
CVE-2021-33318 was published for IpMatcher (NuGet) May 17, 2022
curl FTP path confusion leads to NIL byte out of bounds write Critical
CVE-2018-1000120 was published for curl (NuGet) May 14, 2022
Credited to joelverhagen
Duplicate Advisory: tgstation-server vulnerable to cached user logins in legacy server Critical
GHSA-7r36-jf3c-jhp4 was published for TGServiceInterface (NuGet) May 13, 2022 withdrawn
ChakraCore vulnerable to privilege escalation Critical
CVE-2017-11767 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore RCE Vulnerability Critical
CVE-2018-8500 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
Deserialization of Untrusted Data in SinGooCMS.Utility Critical
CVE-2022-0749 was published for SinGooCMS.Utility (NuGet) Mar 18, 2022
Code injection in RazorEngine Critical
CVE-2021-46703 was published for RazorEngine (NuGet) Mar 7, 2022
Credited to skofman1 and malmor
Duplicate Advisory: Remote Code Execution in AjaxNetProfessional Critical
GHSA-74r6-grj9-8rq6 was published for AjaxNetProfessional (NuGet) Dec 16, 2021 withdrawn
Remote Code Execution in AjaxNetProfessional Critical
CVE-2021-23758 was published for AjaxNetProfessional (NuGet) Dec 7, 2021
Credited to h0ng10 and mwulftange
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43569 was published for starkbank-ecdsa (NuGet) Nov 10, 2021
Remote Code Execution in Halibut Critical
CVE-2021-31819 was published for Halibut (NuGet) Sep 23, 2021
Improper path validation in elFinder.NetCore Critical
CVE-2021-23427 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Missing Authorization in FastReport Critical
CVE-2020-27998 was published for FastReport.OpenSource (NuGet) Aug 2, 2021
Insecure deserialization in Wire Critical
CVE-2021-29508 was published for Wire (NuGet) May 19, 2021
ProTip! Advisories are also available from the GraphQL API