Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

214 advisories

Loading
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane Moderate
CVE-2024-35218 was published for UmbracoCms.Core (NuGet) May 21, 2024
RaphaelCSSilva
Withdrawn Advisory: Umbraco Rich Text Display allows Cross-Site Scripting Moderate
CVE-2024-55488 was published for Umbraco.Cms.Infrastructure (NuGet) Jan 22, 2025 withdrawn
AndyButland
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens Moderate
CVE-2025-26620 was published for Duende.AccessTokenManagement (NuGet) Feb 19, 2025
XSS/HTML Injection Vulnerability in Umbraco Preview Badge Moderate
CVE-2024-10761 was published for Umbraco.Cms (NuGet) Jan 21, 2025
kushkira
AutoQueryable leaks sensitive information Moderate
CVE-2024-57716 was published for AutoQueryable (NuGet) Feb 20, 2025
Potential leak of NuGet.org API key Moderate
CVE-2022-30184 was published for NuGet.CommandLine (NuGet) Jun 14, 2022
JarLob
Duplicate Advisory: Authentication Bypass by Spoofing in OPC UA .NET Standard Stack Moderate
GHSA-7wwr-h8cm-9jf7 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 withdrawn
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-42513 was published for OPCFoundation.NetStandard.Opc.Ua.Bindings.Https (NuGet) Mar 3, 2025
TomTervoort
OpenTelemetry .NET has Denial of Service (DoS) Vulnerability in API Package Moderate
CVE-2025-27513 was published for OpenTelemetry.Api (NuGet) Mar 5, 2025
Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality Moderate
CVE-2025-27601 was published for Umbraco.Cms.Api.Management (NuGet) Mar 11, 2025
Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content Moderate
CVE-2025-27602 was published for Umbraco.Cms.Web.Backoffice (NuGet) Mar 11, 2025
hazemeldoc
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF) Moderate
CVE-2025-32372 was published for DotNetNuke.Core (NuGet) Apr 9, 2025
s0nnyWT valadas
david-poindexter
Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs Moderate
CVE-2025-32016 was published for Microsoft.Identity.Abstractions (NuGet) Apr 9, 2025
MarcelMichau jmprieur
jennyf19 keegan-caruso rymeskar
Cross-site Scripting in jquery-ui Moderate
CVE-2010-5312 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024
alexeyNeklesa-idt metametadata
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
DotNetZip Zip-Slip Vulnerability Moderate
CVE-2018-1002205 was published for DotNetZip (NuGet) Oct 16, 2018
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response Moderate
CVE-2025-46736 was published for Umbraco.Cms (NuGet) May 6, 2025
arneHildrum KireB
krieriks
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline Moderate
CVE-2025-48378 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
Reflected Cross-Site Scripting (XSS) in module actions in edit mode Moderate
CVE-2025-48377 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-42512 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Mar 3, 2025
TomTervoort AnonySE26
Microsoft ASP.NET Core project templates vulnerable to denial of service Moderate
CVE-2024-21319 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024
aried3r
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads Moderate
CVE-2025-48953 was published for Umbraco.Cms (NuGet) Jun 4, 2025
00mpal00mpa
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates Moderate
CVE-2025-49015 was published for CouchbaseNetClient (NuGet) Jun 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database