Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

474 advisories

Loading
Azure Storage Movement Client Library Denial of Service Vulnerability High
CVE-2024-35252 was published for Microsoft.Azure.Storage.DataMovement (NuGet) Jun 11, 2024
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource and NinoFloris NinoFloris NinoFloris
.NET Elevation of Privilege Vulnerability High
CVE-2024-21409 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Apr 17, 2024
rbhanda Credited to rbhanda
WiX based installers are vulnerable to binary hijack when run as SYSTEM High
CVE-2024-29187 was published for WixToolset.Sdk (NuGet) Mar 25, 2024
KNaceri Credited to KNaceri and rohitmothe rohitmothe rohitmothe
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files High
CVE-2024-29188 was published for WixToolset.Util.wixext (NuGet) Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM High
GHSA-g4v6-69p6-q3p4 was published for PanelSwWix4.Sdk (NuGet) Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM High
GHSA-wq88-fq4x-h2pm was published for PanelSW.Custom.WiX (NuGet) Mar 25, 2024
CoreWCF NetFraming based services can leave connections open when they should be closed High
CVE-2024-28252 was published for CoreWCF.NetFramingBase (NuGet) Mar 15, 2024
mirek-kopacka Credited to mirek-kopacka, birojnayak, and mconnew birojnayak birojnayak
mconnew mconnew
Remote Denial of Service Vulnerability in Microsoft QUIC High
GHSA-2x7m-gf85-3745 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Mar 13, 2024
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability High
CVE-2024-21392 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Mar 12, 2024
r3kumar Credited to r3kumar and TAINA-AntonyBingham TAINA-AntonyBingham TAINA-AntonyBingham
Use After Free in SixLabors.ImageSharp High
CVE-2024-27929 was published for SixLabors.ImageSharp (NuGet) Mar 5, 2024
antonfirsov Credited to antonfirsov and Luzenna Luzenna Luzenna
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability High
CVE-2024-21386 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024
bbossola Credited to bbossola, gillarramendi, and sunnypatell gillarramendi gillarramendi
sunnypatell sunnypatell
Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability High
GHSA-32q7-gv7f-4cg5 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024 withdrawn
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
GHSA-8v28-3g86-chj5 was published for PanelSwWix4.Sdk (NuGet) Feb 8, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
GHSA-259p-rvjx-ffwg was published for PanelSW.Custom.WiX (NuGet) Feb 8, 2024
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
CVE-2024-24810 was published for wix (NuGet) Feb 8, 2024
ppv-milestone Credited to ppv-milestone and robmen robmen robmen
PowerShell is subject to remote code execution vulnerability High
GHSA-jcmq-5rrv-j2g4 was published for PowerShell (NuGet) Feb 2, 2024
TrueLayer.Client SSRF when fetching payment or payment provider High
CVE-2024-23838 was published for TrueLayer.Client (NuGet) Jan 30, 2024
foldedbits Credited to foldedbits
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass High
CVE-2024-0056 was published for Microsoft.Data.SqlClient (NuGet) Jan 9, 2024
cheenamalhotra Credited to cheenamalhotra
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability High
CVE-2024-21643 was published for Microsoft.IdentityModel.Protocols.SignedHttpRequest (NuGet) Jan 9, 2024
rymeskar Credited to rymeskar, brentschmaltz, GeoK, keegan-caruso, jmprieur, jennyf19, and TimHannMSFT brentschmaltz brentschmaltz
GeoK GeoK keegan-caruso keegan-caruso jmprieur jmprieur jennyf19 jennyf19 TimHannMSFT TimHannMSFT
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json High
GHSA-8rfx-6mr3-5jh3 was published for Newtonsoft.Json (NuGet) Jan 3, 2024 withdrawn
Duplicate Advisory: Denial of service in CBOR library High
GHSA-hf3r-vmrv-7w29 was published for PeterO.Cbor (NuGet) Jan 3, 2024 withdrawn
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability High
CVE-2023-36049 was published for System.Net.Requests (NuGet) Nov 14, 2023
MsQuic Remote Denial of Service Vulnerability High
CVE-2023-36435 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel High
CVE-2023-38171 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database