GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories

gix-transport indirect code execution via malicious username
Moderate | CVE-2024-32884 was published for gitoxide (Rust) | Apr 15, 2024

gix refs and paths with reserved Windows device names access the devices
Moderate | CVE-2024-35197 was published for gitoxide (Rust) | May 22, 2024

gix traversal outside working tree enables arbitrary code execution
High | CVE-2024-35186 was published for gitoxide (Rust) | May 22, 2024

gix-path uses local config across repos when it is the highest scope
Low | CVE-2024-45305 was published for gix-path (Rust) | Sep 3, 2024

gix-path improperly resolves configuration path reported by Git
Moderate | CVE-2024-45405 was published for gix-path (Rust) | Sep 6, 2024

Untrusted search path under some conditions on Windows allows arbitrary code execution
High | CVE-2024-22190 was published for GitPython (pip) | Jan 10, 2024

gix-path can use a fake program files location
High | CVE-2024-40644 was published for gix-path (Rust) | Jul 18, 2024

GitPython blind local file inclusion
Moderate | CVE-2023-41040 was published for GitPython (pip) | Aug 30, 2023

gitoxide-core does not neutralize special characters for terminals
Low | CVE-2024-43785 was published for gitoxide (Rust) | Aug 22, 2024

gix-worktree-state nonexclusive checkout sets executable files world-writable
Moderate | CVE-2025-22620 was published for gix-worktree-state (Rust) | Jan 21, 2025

gitoxide does not detect SHA-1 collision attacks
Moderate | CVE-2025-31130 was published for gitoxide (Rust) | Apr 4, 2025

gix-transport code execution vulnerability
Moderate | CVE-2023-53158 was published for gix-transport (Rust) | Sep 25, 2023