Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,361
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,794
NuGet
685
pip
3,473
Pub
12
RubyGems
895
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24895 was published for CIE.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24894 was published for SPID.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
.NET Remote Code Execution Vulnerability Critical
CVE-2024-43498 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
matt-phylum
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability Critical
CVE-2024-35264 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Jul 9, 2024
Duplicate Advisory: .NET and Visual Studio Remote Code Execution Vulnerability Critical
GHSA-8rxm-6783-qh55 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 withdrawn
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes Critical
CVE-2024-51501 was published for Refit (NuGet) Nov 4, 2024
sofiaml glennawatson
CLSA Directory Traversal vulnerability Critical
CVE-2024-28698 was published for Csla (NuGet) Jul 22, 2024
rockfordlhotka
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability Critical
GHSA-jw42-5m4v-9c8g was published for NuGet.CommandLine (NuGet) Jan 9, 2024 withdrawn
NuGet Client Security Feature Bypass Vulnerability Critical
CVE-2024-0057 was published for NuGet.CommandLine (NuGet) Feb 13, 2024
JarLob
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
MarkLee131
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Critical
CVE-2024-21386 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024
bbossola gillarramendi
.NET Core Remote Code Execution Vulnerability Critical
CVE-2021-26701 was published for System.Text.Encodings.Web (NuGet) Apr 21, 2021
Remote Code Execution in AjaxNetProfessional Critical
CVE-2021-23758 was published for AjaxNetProfessional (NuGet) Dec 16, 2021
Dynamic Linq vulnerable to remote code execution Critical
CVE-2023-32571 was published for System.Linq.Dynamic.Core (NuGet) Jun 22, 2023
ChakraCore RCE Vulnerability Critical
CVE-2017-0252 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
New Relic .NET Agent contains SQL Injection Critical
CVE-2017-9246 was published for NewRelic.Agent (NuGet) May 17, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-0223 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-8658 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
ChakraCore vulnerable to privilege escalation Critical
CVE-2017-11767 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore RCE Vulnerability Critical
CVE-2018-8500 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
CefSharp affected by heap buffer overflow in WebP Critical
GHSA-j646-gj5p-p45g was published for CefSharp.Common (NuGet) Sep 21, 2023
AutoUpdater.NET allows XXE Critical
CVE-2019-20627 was published for Autoupdater.NET.Official (NuGet) May 24, 2022
Improper Input Validation in IpMatcher Critical
CVE-2021-33318 was published for IpMatcher (NuGet) May 17, 2022
QuantConnect Lean vulnerable to insecure deserialization Critical
CVE-2020-20136 was published for QuantConnect.Common (NuGet) May 24, 2022
Duplicate Advisory: tgstation-server vulnerable to cached user logins in legacy server Critical
GHSA-7r36-jf3c-jhp4 was published for TGServiceInterface (NuGet) May 13, 2022 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database