Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

287 advisories

Loading
Umbraco CMS contains a server-side request forgery vulnerability Moderate
CVE-2021-47776 was published for UmbracoCms (NuGet) Jan 15, 2026
ImageMagick's failure to limit MVG mutual causes Stack Overflow Moderate
CVE-2025-68950 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 30, 2025
ylwango613 Credited to ylwango613
ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack Moderate
CVE-2025-68618 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 30, 2025
ylwango613 Credited to ylwango613
Umbraco CMS has an arbitrary file upload vulnerability Moderate
CVE-2025-67288 was published for Umbraco.Cms (NuGet) Dec 22, 2025
legacy-git Credited to legacy-git
Amazon S3 Encryption Client for .NET has a Key Commitment Issue Moderate
CVE-2025-14759 was published for Amazon.Extensions.S3.Encryption (NuGet) Dec 18, 2025
ABP Account Module has an Open Redirect through Improper validation in its register function Moderate
CVE-2025-65581 was published for Volo.Abp.Account.Web (NuGet) Dec 16, 2025
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality Moderate
CVE-2025-66625 was published for Umbraco.Cms (NuGet) Dec 9, 2025
Withdrawn Advisory: ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family Moderate
CVE-2025-65955 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 3, 2025 withdrawn
LuiginoC Credited to LuiginoC
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload Moderate
CVE-2025-64094 was published for DotNetNuke.Core (NuGet) Oct 29, 2025
pdstat Credited to pdstat, bdukes, mitchelsellers, and valadas bdukes bdukes
mitchelsellers mitchelsellers valadas valadas
DNN CKEditor Provider allows unauthenticated upload out-of-the-box Moderate
CVE-2025-62802 was published for Dnn.Platform (NuGet) Oct 29, 2025
r90727 Credited to r90727, bdukes, donker, david-poindexter, and mitchelsellers bdukes bdukes
donker donker david-poindexter david-poindexter mitchelsellers mitchelsellers
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP) Moderate
CVE-2025-62171 was published for Magick.NET-Q16-AnyCPU (NuGet) Oct 28, 2025
wooseokdotkim Credited to wooseokdotkim
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS) Moderate
CVE-2025-62594 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) Oct 27, 2025
amethyst0225 Credited to amethyst0225, jin-156, hanbunny, and yosiimich jin-156 jin-156
hanbunny hanbunny yosiimich yosiimich
Piranha CMS vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2025-61413 was published for Piranha (NuGet) Oct 23, 2025
Mammoth is vulnerable to Directory Traversal Moderate
CVE-2025-11849 was published for Mammoth (Maven) Oct 17, 2025
Smidge is vulnerable to Path Traversal Moderate
CVE-2025-11842 was published for Smidge (NuGet) Oct 16, 2025
Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability Moderate
CVE-2025-55248 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Oct 15, 2025
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability Moderate
GHSA-987x-96fq-9384 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Oct 14, 2025 withdrawn
FormCMS has an improper access control vulnerability in the /api/schemas/history/[schemaId] endpoint Moderate
CVE-2025-55797 was published for FormCMS (NuGet) Sep 30, 2025
PiranhaCMS stored XSS Moderate
CVE-2025-57692 was published for Piranha (NuGet) Sep 26, 2025
DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile Moderate
CVE-2025-59821 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes Credited to bdukes, david-poindexter, and valadas david-poindexter david-poindexter
valadas valadas
DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field Moderate
CVE-2025-59539 was published for DotNetNuke.Core (NuGet) Sep 22, 2025
bdukes Credited to bdukes, valadas, and mitchelsellers valadas valadas
mitchelsellers mitchelsellers
DNN allows loading unused themes on anonymous clients through query parameters Moderate
CVE-2025-59535 was published for DotNetNuke.Core (NuGet) Sep 22, 2025
6TELOIV Credited to 6TELOIV, bdukes, and valadas bdukes bdukes
valadas valadas
Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain Moderate
CVE-2025-9708 was published for KubernetesClient (NuGet) Sep 17, 2025
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-56236 was published for FormCMS (NuGet) Aug 28, 2025
ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree Moderate
CVE-2025-55160 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
mescuwa Credited to mescuwa
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database