GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
994 advisories
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
Severity: High. CVE-2026-54784 was published for CoreWCF.Primitives (NuGet) on Jun 19, 2026.
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
Severity: High. CVE-2026-54783 was published for CoreWCF.Primitives (NuGet) on Jun 19, 2026.
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
Severity: Critical. CVE-2026-54782 was published for CoreWCF.Primitives (NuGet) on Jun 19, 2026.
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
Severity: High. CVE-2026-54781 was published for CoreWCF.Primitives (NuGet) on Jun 19, 2026.
CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
Severity: Low. CVE-2026-54780 was published for CoreWCF.Primitives (NuGet) on Jun 19, 2026.
CoreWCF: SAML token replay protection is inoperative
Severity: Moderate. CVE-2026-54779 was published for CoreWCF.Primitives (NuGet) on Jun 19, 2026.
CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
Severity: Moderate. CVE-2026-54778 was published for CoreWCF.UnixDomainSocket (NuGet) on Jun 19, 2026.
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Severity: Moderate. CVE-2026-54777 was published for CoreWCF.NetNamedPipe (NuGet) on Jun 19, 2026.
CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
Severity: Moderate. CVE-2026-54776 was published for CoreWCF.UnixDomainSocket (NuGet) on Jun 19, 2026.
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
Severity: Moderate. CVE-2026-54775 was published for CoreWCF.Kafka (NuGet) on Jun 19, 2026.
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
Severity: High. CVE-2026-54774 was published for CoreWCF.Primitives (NuGet) on Jun 19, 2026.
CoreWCF: WS-Security signature substitution via document-wide Signature lookup
Severity: Moderate. CVE-2026-54773 was published for CoreWCF.Primitives (NuGet) on Jun 19, 2026.
CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake
Severity: High. CVE-2026-54772 was published for CoreWCF.NetFramingBase (NuGet) on Jun 19, 2026.
DotVVM: Unrestricted file upload
Severity: Moderate. GHSA-2rm3-333w-xvc4 was published for DotVVM (NuGet) on Jun 19, 2026.
DotVVM: Missing authorization in AuthorizeActionFilter
Severity: Critical. GHSA-c8qj-jx8j-fg2w was published for DotVVM (NuGet) on Jun 19, 2026.
NCalc: Denial of Service via Unbounded and Non-Terminating Factorial Evaluation
Severity: Moderate. CVE-2026-55254 was published for NCalc.Core (NuGet) on Jun 18, 2026.
Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability
Severity: Moderate. CVE-2026-45491 was published for Microsoft.NETCore.App.Runtime.linux-x64 (NuGet) on Jun 16, 2026.
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability
Severity: High. CVE-2026-45591 was published for Microsoft.AspNetCore.App.Runtime.linux-x64 (NuGet) on Jun 15, 2026.
MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input
Severity: High. CVE-2026-48109 was published for MessagePack (NuGet) on Jun 11, 2026.
TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
Severity: High. CVE-2026-47761 was published for TinyMCE (Composer) on Jun 5, 2026.
TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments
Severity: High. CVE-2026-47762 was published for TinyMCE (Composer) on Jun 5, 2026.
TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
Severity: High. CVE-2026-47759 was published for TinyMCE (Composer) on Jun 5, 2026.
TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs
Severity: High. CVE-2026-47760 was published for TinyMCE (Composer) on Jun 5, 2026.
Nerdbank.MessagePack has Inefficient CPU Computation
Severity: Moderate. GHSA-92vj-hp7m-gwcj was published for Nerdbank.MessagePack (NuGet) on May 29, 2026.
ProTip! Advisories are also available from the GraphQL API.