Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

26 advisories

Loading
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) High
CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024
bruno-1337 Credited to bruno-1337
OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks High
GHSA-g75x-8qqm-2vxp was published for openclaw (npm) Mar 3, 2026
jackhax Credited to jackhax
OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind High
GHSA-q399-23r3-hfx4 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking High
CVE-2026-24051 was published for go.opentelemetry.io/otel/sdk (Go) Feb 2, 2026
MorielHarush Credited to MorielHarush, pellared, and arminru pellared pellared
arminru arminru
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal High
CVE-2026-25992 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026
EaEa0001 Credited to EaEa0001
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability High
CVE-2025-30399 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jun 11, 2025
OpenStack Kolla sudo privilege escalation vulnerability High
CVE-2022-38060 was published for kolla (pip) Dec 21, 2022
Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows High
CVE-2022-36070 was published for poetry (pip) Oct 11, 2022
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
mongosh vulnerable to local privilege escalation High
CVE-2025-1756 was published for mongosh (npm) Feb 27, 2025
Snowflake JDBC allows an untrusted search path on Windows High
CVE-2025-24789 was published for net.snowflake:snowflake-jdbc (Maven) Jan 29, 2025
sccache vulnerable to privilege escalation if server is run as root High
CVE-2023-1521 was published for sccache (Rust) May 30, 2023
redsun82 Credited to redsun82 and kevinbackhouse kevinbackhouse kevinbackhouse
Apache Hadoop allows local user to gain root privileges High
CVE-2023-26031 was published for org.apache.hadoop:hadoop-yarn-project (Maven) Nov 16, 2023
vulnerability-analyst Credited to vulnerability-analyst and anonymous-nlp-student anonymous-nlp-student anonymous-nlp-student
Untrusted search path under some conditions on Windows allows arbitrary code execution High
CVE-2024-22190 was published for GitPython (pip) Jan 10, 2024
EliahKagan Credited to EliahKagan
GitPython untrusted search path on Windows systems leading to arbitrary code execution High
CVE-2023-40590 was published for gitpython (pip) Aug 29, 2023
stsewd Credited to stsewd and MicaelJarniac MicaelJarniac MicaelJarniac
Ansible Improper Input Validation vulnerability High
CVE-2018-10874 was published for ansible (pip) May 13, 2022
Ansible Arbitrary Code Execution High
CVE-2018-10875 was published for ansible (pip) May 13, 2022
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
CVE-2024-24810 was published for wix (NuGet) Feb 8, 2024
ppv-milestone Credited to ppv-milestone and robmen robmen robmen
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
GHSA-8v28-3g86-chj5 was published for PanelSwWix4.Sdk (NuGet) Feb 8, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
GHSA-259p-rvjx-ffwg was published for PanelSW.Custom.WiX (NuGet) Feb 8, 2024
Yarn untrusted search path vulnerability High
CVE-2021-4435 was published for yarn (npm) Feb 4, 2024
Untrusted Search Path in PNPM High
CVE-2022-26183 was published for pnpm (npm) Mar 23, 2022
Ruby-ffi has a DLL loading issue High
CVE-2018-1000201 was published for ffi (RubyGems) Aug 31, 2018
Disputed: OS Command injection in github.com/kardianos/service High
CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 withdrawn
masinger Credited to masinger
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK Credited to Ry0taK
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database