Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

663 advisories

Loading
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM High
GHSA-g4v6-69p6-q3p4 was published for PanelSwWix4.Sdk (NuGet) Mar 25, 2024
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM High
GHSA-wq88-fq4x-h2pm was published for PanelSW.Custom.WiX (NuGet) Mar 25, 2024
Umbraco possible user enumeration Low
CVE-2024-28868 was published for UmbracoCMS (NuGet) Mar 20, 2024
poan21
CoreWCF NetFraming based services can leave connections open when they should be closed High
CVE-2024-28252 was published for CoreWCF.NetFramingBase (NuGet) Mar 15, 2024
mirek-kopacka birojnayak
mconnew
Remote Denial of Service Vulnerability in Microsoft QUIC High
GHSA-2x7m-gf85-3745 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Mar 13, 2024
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability High
CVE-2024-21392 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Mar 12, 2024
r3kumar TAINA-AntonyBingham
Use After Free in SixLabors.ImageSharp High
CVE-2024-27929 was published for SixLabors.ImageSharp (NuGet) Mar 5, 2024
antonfirsov Luzenna
FullStackHero's WebAPI Boilerplate host header injection vulnerability Moderate
CVE-2024-26470 was published for FullStackHero.WebAPI.Boilerplate (NuGet) Feb 29, 2024
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
NuGet Client Security Feature Bypass Vulnerability Critical
CVE-2024-0057 was published for NuGet.CommandLine (NuGet) Feb 13, 2024
JarLob
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Critical
CVE-2024-21386 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024
bbossola gillarramendi
Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability High
GHSA-32q7-gv7f-4cg5 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024 withdrawn
.NET Information Disclosure Vulnerability Moderate
CVE-2022-34716 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 3, 2024
noymaor
PowerShell is subject to remote code execution vulnerability High
GHSA-jcmq-5rrv-j2g4 was published for PowerShell (NuGet) Feb 2, 2024
TrueLayer.Client SSRF when fetching payment or payment provider High
CVE-2024-23838 was published for TrueLayer.Client (NuGet) Jan 30, 2024
foldedbits
Microsoft ASP.NET Core project templates vulnerable to denial of service Moderate
CVE-2024-21319 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024
aried3r
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability Critical
GHSA-jw42-5m4v-9c8g was published for NuGet.CommandLine (NuGet) Jan 9, 2024 withdrawn
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass High
CVE-2024-0056 was published for Microsoft.Data.SqlClient (NuGet) Jan 9, 2024
cheenamalhotra
Duplicate Advisory: Microsoft Identity Denial of service vulnerability Moderate
GHSA-8g9c-28fc-mcx2 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024 withdrawn
morganbr brentschmaltz
GeoK keegan-caruso jennyf19 jmprieur
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability High
CVE-2024-21643 was published for Microsoft.IdentityModel.Protocols.SignedHttpRequest (NuGet) Jan 9, 2024
rymeskar brentschmaltz
GeoK keegan-caruso jmprieur jennyf19 TimHannMSFT
Duplicate Advisory: Denial of service in CBOR library High
GHSA-hf3r-vmrv-7w29 was published for PeterO.Cbor (NuGet) Jan 3, 2024 withdrawn
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json High
GHSA-8rfx-6mr3-5jh3 was published for Newtonsoft.Json (NuGet) Jan 3, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API