Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,203
Swift
51
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
ImageMagick: Code Injection via PostScript header in ps coders Moderate
CVE-2026-25797 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation Critical
CVE-2025-68924 was published for UmbracoForms (NuGet) Jan 13, 2026
chudyPB Credited to chudyPB
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability High
CVE-2024-21643 was published for Microsoft.IdentityModel.Protocols.SignedHttpRequest (NuGet) Jan 9, 2024
rymeskar Credited to rymeskar, brentschmaltz, GeoK, keegan-caruso, jmprieur, jennyf19, and TimHannMSFT brentschmaltz brentschmaltz
GeoK GeoK keegan-caruso keegan-caruso jmprieur jmprieur jennyf19 jennyf19 TimHannMSFT TimHannMSFT
.NET Remote Code Execution Vulnerability High
CVE-2022-41089 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Dec 14, 2022
tdunlap607 Credited to tdunlap607
Code Injection in Masuit.Tools.Core High
CVE-2022-21167 was published for Masuit.Tools.Core (NuGet) May 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database