Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
High severity vulnerability that affects electron High
CVE-2016-1202 was published for electron (npm) Oct 24, 2017
Git LFS can execute a binary from the current directory on Windows Critical
CVE-2022-24826 was published for github.com/git-lfs/git-lfs (Go) Apr 22, 2022
yuske Credited to yuske
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK Credited to Ry0taK
Disputed: OS Command injection in github.com/kardianos/service High
CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 withdrawn
masinger Credited to masinger
Ruby-ffi has a DLL loading issue High
CVE-2018-1000201 was published for ffi (RubyGems) Aug 31, 2018
Untrusted Search Path in PNPM High
CVE-2022-26183 was published for pnpm (npm) Mar 23, 2022
Apache Ranger policy engine incorrectly matches paths in certain conditions Moderate
CVE-2016-8746 was published for org.apache.ranger:ranger-plugins-common (Maven) Oct 17, 2018
Yarn untrusted search path vulnerability High
CVE-2021-4435 was published for yarn (npm) Feb 4, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
GHSA-259p-rvjx-ffwg was published for PanelSW.Custom.WiX (NuGet) Feb 8, 2024
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
GHSA-8v28-3g86-chj5 was published for PanelSwWix4.Sdk (NuGet) Feb 8, 2024
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges High
CVE-2024-24810 was published for wix (NuGet) Feb 8, 2024
ppv-milestone Credited to ppv-milestone and robmen robmen robmen
Ansible Arbitrary Code Execution High
CVE-2018-10875 was published for ansible (pip) May 13, 2022
Ansible Improper Input Validation vulnerability High
CVE-2018-10874 was published for ansible (pip) May 13, 2022
GitPython untrusted search path on Windows systems leading to arbitrary code execution High
CVE-2023-40590 was published for gitpython (pip) Aug 29, 2023
stsewd Credited to stsewd and MicaelJarniac MicaelJarniac MicaelJarniac
Untrusted search path under some conditions on Windows allows arbitrary code execution High
CVE-2024-22190 was published for GitPython (pip) Jan 10, 2024
EliahKagan Credited to EliahKagan
Poetry before v1.1.9 contains Untrusted Search Path Critical
CVE-2022-26184 was published for poetry (pip) Mar 23, 2022
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR Credited to ChALkeR
Apache Hadoop allows local user to gain root privileges High
CVE-2023-26031 was published for org.apache.hadoop:hadoop-yarn-project (Maven) Nov 16, 2023
vulnerability-analyst Credited to vulnerability-analyst and anonymous-nlp-student anonymous-nlp-student anonymous-nlp-student
sccache vulnerable to privilege escalation if server is run as root High
CVE-2023-1521 was published for sccache (Rust) May 30, 2023
redsun82 Credited to redsun82 and kevinbackhouse kevinbackhouse kevinbackhouse
Snowflake JDBC allows an untrusted search path on Windows High
CVE-2025-24789 was published for net.snowflake:snowflake-jdbc (Maven) Jan 29, 2025
mongosh vulnerable to local privilege escalation High
CVE-2025-1756 was published for mongosh (npm) Feb 27, 2025
Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection Low
CVE-2025-1398 was published for mattermost-desktop (npm) Mar 17, 2025
Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows High
CVE-2022-36070 was published for poetry (pip) Oct 11, 2022
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
OpenStack Kolla sudo privilege escalation vulnerability High
CVE-2022-38060 was published for kolla (pip) Dec 21, 2022
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability High
CVE-2025-30399 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jun 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database