Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,822
Maven
5,000+
npm
4,448
NuGet
774
pip
4,218
Pub
12
RubyGems
970
Rust
1,089
Swift
47
Unreviewed advisories
All unreviewed
5,000+

774 advisories

Loading
jQuery vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2011-4969 was published for jQuery (RubyGems) May 14, 2022
jhutchings1 klaudialax
Credited to jhutchings1 and klaudialax
UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation Critical
CVE-2025-68924 was published for UmbracoForms (NuGet) Jan 13, 2026
chudyPB
Credited to chudyPB
AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value Low
CVE-2026-22611 was published for AWSSDK.Core (NuGet) Jan 9, 2026
Umbraco CMS has an arbitrary file upload vulnerability Moderate
CVE-2025-67288 was published for Umbraco.Cms (NuGet) Dec 22, 2025
ImageMagick has a heap-buffer-overflow Low
CVE-2025-68469 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
hardik05
Credited to hardik05
ImageMagick's failure to limit MVG mutual causes Stack Overflow Moderate
CVE-2025-68950 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 30, 2025
ylwango613
Credited to ylwango613
ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack Moderate
CVE-2025-68618 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 30, 2025
ylwango613
Credited to ylwango613
Withdrawn Advisory: Emby Server API Vulnerability allowing to gain administrative access without precondition Critical
CVE-2025-64113 was published for MediaBrowser.Server.Core (NuGet) Dec 8, 2025 withdrawn
tembybot softworkz
Credited to tembybot and softworkz
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution High
CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
leehohojune hanbunny
jin-156 amethyst0225 pigeontwo9999
Credited to leehohojune, hanbunny, jin-156, amethyst0225, and pigeontwo9999
Piranha has stored cross-site scripting (XSS) vulnerability Low
CVE-2025-67291 was published for Piranha (NuGet) Dec 22, 2025
Piranha has stored cross-site scripting (XSS) vulnerability Low
CVE-2025-67290 was published for Piranha (NuGet) Dec 22, 2025
Amazon S3 Encryption Client for .NET has a Key Commitment Issue Moderate
CVE-2025-14759 was published for Amazon.Extensions.S3.Encryption (NuGet) Dec 18, 2025
ABP Account Module has an Open Redirect through Improper validation in its register function Moderate
CVE-2025-65581 was published for Volo.Abp.Account.Web (NuGet) Dec 16, 2025
Withdrawn Advisory: ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family Moderate
CVE-2025-65955 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 3, 2025 withdrawn
LuiginoC
Credited to LuiginoC
ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only) High
CVE-2025-66628 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 10, 2025
Sumitshah00
Credited to Sumitshah00
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality Moderate
CVE-2025-66625 was published for Umbraco.Cms (NuGet) Dec 9, 2025
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer) High
CVE-2025-66631 was published for Csla (NuGet) Dec 8, 2025
rockfordlhotka Outurnate
Credited to rockfordlhotka and Outurnate
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
Credited to jenhae
Microsoft Security Advisory CVE-2024-38081 | .NET Elevation of Privilege Vulnerability High
CVE-2024-38081 was published for Microsoft.IO.Redist (NuGet) Jul 9, 2024
Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability Critical
CVE-2025-54539 was published for Apache.NMS.AMQP (NuGet) Oct 16, 2025
Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain Moderate
CVE-2025-9708 was published for KubernetesClient (NuGet) Sep 17, 2025
XSS in the `of` option of the `.position()` util in jquery-ui Moderate
CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena A-Fitz-Nelnet
Credited to esbena and A-Fitz-Nelnet
Moment.js vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-31129 was published for Moment.js (npm) Jul 6, 2022
vovikhangcdv
Credited to vovikhangcdv
Path Traversal: 'dir/../../filename' in moment.locale High
CVE-2022-24785 was published for Moment.js (npm) Apr 4, 2022
imagemagick: integer overflows in MNG magnification High
CVE-2025-55154 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database