Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
Algernon: handler.lua discovery walks parent directories above the server root Critical
CVE-2026-45721 was published for github.com/xyproto/algernon (Go) May 19, 2026
Dredsen Credited to Dredsen
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE Critical
CVE-2026-44477 was published for github.com/cloudnative-pg/cloudnative-pg (Go) May 11, 2026
mdisec Credited to mdisec
Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0... Critical Unreviewed
CVE-2025-39666 was published Apr 7, 2026
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover Critical
CVE-2026-41294 was published for openclaw (npm) Apr 1, 2026
tdjackey Credited to tdjackey
An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in... Critical Unreviewed
CVE-2025-65078 was published Feb 3, 2026
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to... Critical Unreviewed
CVE-2025-49457 was published Aug 13, 2025
NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path Critical
CVE-2025-23266 was published for github.com/NVIDIA/gpu-operator (Go) Jul 17, 2025
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to... Critical Unreviewed
CVE-2025-4802 was published May 16, 2025
The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. Critical Unreviewed
CVE-2024-58250 was published Apr 22, 2025
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail... Critical Unreviewed
CVE-2024-38462 was published Jun 16, 2024
SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion... Critical Unreviewed
CVE-2023-30330 was published May 23, 2023
A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects... Critical Unreviewed
CVE-2022-3734 was published Oct 28, 2022
Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an... Critical Unreviewed
CVE-2017-2225 was published May 17, 2022
Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used... Critical Unreviewed
CVE-2017-12414 was published May 17, 2022
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '... Critical Unreviewed
CVE-2018-19486 was published May 14, 2022
Git LFS can execute a binary from the current directory on Windows Critical
CVE-2022-24826 was published for github.com/git-lfs/git-lfs (Go) Apr 22, 2022
yuske Credited to yuske
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the... Critical Unreviewed
CVE-2011-4125 was published Apr 22, 2022
Poetry before v1.1.9 contains Untrusted Search Path Critical
CVE-2022-26184 was published for poetry (pip) Mar 23, 2022
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can... Critical Unreviewed
CVE-2022-21817 was published Feb 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database