Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

711 advisories

Loading
CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows High
GHSA-f87w-3j5w-v58p was published for CefSharp.OffScreen (NuGet) Apr 12, 2025
Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability Critical
CVE-2025-29953 was published for Apache.NMS.ActiveMQ (NuGet) Apr 18, 2025
Infinite loop condition in Amazon.IonDotnet High
CVE-2025-3857 was published for Amazon.IonDotnet (NuGet) Apr 21, 2025
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments Critical
CVE-2025-43858 was published for YoutubeDLSharp (NuGet) Apr 23, 2025
kitsumed alxnull
Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file Low
CVE-2025-46326 was published for Snowflake.Data (NuGet) Apr 28, 2025
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response Moderate
CVE-2025-46736 was published for Umbraco.Cms (NuGet) May 6, 2025
arneHildrum KireB
krieriks
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow Low
CVE-2025-47280 was published for Umbraco.Forms (NuGet) May 13, 2025
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability Low
CVE-2025-26646 was published for Microsoft.Build.Tasks.Core (NuGet) May 13, 2025
udlose
DNN site Import could use an external source with a crafted request Low
CVE-2025-48376 was published for DotNetNuke.SiteExportImport (NuGet) May 23, 2025
valadas donker
bdukes
Reflected Cross-Site Scripting (XSS) in module actions in edit mode Moderate
CVE-2025-48377 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline Moderate
CVE-2025-48378 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database