
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30 advisories

electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) (High)
CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024. Credited to bruno-1337.

OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides) (High)
CVE-2026-29610 was published for openclaw (npm) Feb 18, 2026. Credited to akhmittra.

OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading (High)
CVE-2026-28393 was published for openclaw (npm) Mar 3, 2026. Credited to akhmittra.

OpenClaw affected by potential code execution via unsafe hook module path handling in Gateway (High)
CVE-2026-28456 was published for openclaw (npm) Feb 18, 2026. Credited to 222n5.

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows (High)
CVE-2025-15558 was published for github.com/docker/cli (Go) Mar 5, 2026.

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows (High)
CVE-2025-53000 was published for nbconvert (pip) Dec 18, 2025. Credited to dlqqq, krassowski, and yohannslm.

PsySH has Local Privilege Escalation via CWD .psysh.php auto-load (Moderate)
CVE-2026-25129 was published for psy/psysh (Composer) Jan 30, 2026. Credited to aqhmal.

Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (High)
CVE-2025-30167 was published for jupyter_core (pip) Jun 4, 2025. Credited to krassowski and zdi-disclosures.

Duplicate Advisory: Keycloak allows access to admin path through flaw (Low, withdrawn)
GHSA-c6cm-5gc7-c3f4 was published for org.keycloak:keycloak-quarkus-server (Maven) Oct 28, 2025.

Keycloak unable to restrict access to the admin console (Low)
CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 2, 2025.

TkEasyGUI Affected by Uncontrolled Search Path Element Issue (High)
CVE-2025-55671 was published for TkEasyGUI (pip) Sep 5, 2025.

OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal (Moderate)
CVE-2025-5981 was published for github.com/google/osv-scalibr (Go) Jun 18, 2025. Credited to Malayke.

Safearchive Path Traversal vulnerability (Moderate)
CVE-2024-10389 was published for github.com/google/safearchive (Go) Nov 4, 2024.

Mattermost allows authenticated users to write files to arbitrary locations (Critical)
CVE-2025-4981 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025.

Arbitrary code execution due to an uncontrolled search path for the git binary (Critical)
CVE-2021-28955 was published for github.com/MichaelMure/git-bug (Go) May 25, 2021.

gix-path can use a fake program files location (High)
CVE-2024-40644 was published for gix-path (Rust) Jul 18, 2024. Credited to EliahKagan.

snapcraft Access Restriction Bypass (Moderate)
CVE-2020-27348 was published for snapcraft (pip) May 24, 2022.

pipreqs vulnerable to Dependency Confusion (Critical)
CVE-2023-31543 was published for pipreqs (pip) Jun 30, 2023.

Execution with Unnecessary Privileges in JupyterApp (High)
CVE-2022-39286 was published for jupyter-core (pip) Oct 26, 2022.

Mattermost Desktop App Uncontrolled Search Path Vulnerability (Moderate)
CVE-2024-39613 was published for mattermost-desktop (npm) Sep 16, 2024.

Antilles Dependency Confusion Vulnerability (High)
CVE-2021-3840 was published for antilles-tools (pip) Nov 3, 2021.

Cheetah Path Search Order Hijacking (High)
CVE-2005-1632 was published for cheetah (pip) May 1, 2022.

DLL Injection in kerberos (High)
CVE-2020-13110 was published for kerberos (npm) Sep 4, 2020. Credited to jhutchings1.

Duplicate Advisory: Kerberos for NodeJS allows DLL Injection (High, withdrawn)
GHSA-f478-xwv9-p93q was published for kerberos (npm) May 24, 2022.

Insecure path handling in Bundler (High)
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021.
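Many of the advisories above share one root cause: an executable or module is located by searching the current working directory, or a relative PATH entry that silently means the current directory, before any trusted location (CWE-427, uncontrolled search path element). The following is an added illustration of that search-order mistake and of a hardened lookup; it is not code from any of the listed projects or advisories and makes no claim about how any of them resolved the issue. It models Windows path rules with the standard library's ntpath module and an in-memory, constructed set of files, so it runs on any host; every directory, file name, user name and PATH value in it is made up.

```python
import ntpath

# Constructed in-memory file set standing in for a Windows filesystem.
FILES = {
    r"C:\Windows\System32\cmd.exe",
    r"C:\Program Files\Git\cmd\git.exe",
    r"C:\Users\alice\Downloads\repo\git.exe",  # planted by an attacker in a user-writable dir
}
# Constructed environment of the victim process. Note the relative "." entry.
PATH_ENV = r"C:\Windows\System32;.;C:\Program Files\Git\cmd"
CWD = r"C:\Users\alice\Downloads\repo"
PATHEXT = (".exe", ".cmd", ".bat")
# Roots that ordinary users cannot write to on a default install (assumption for this example).
TRUSTED_ROOTS = (r"C:\Program Files", r"C:\Windows")


def _norm(path):
    """Canonical form for comparison: collapse '.' segments, then case-fold (Windows is case-insensitive)."""
    return ntpath.normcase(ntpath.normpath(path))


def _exists(path, files):
    """Existence check against the constructed file set."""
    return _norm(path) in {_norm(f) for f in files}


def _probe(directory, name, files):
    """Return the first <directory>\\<name><ext> that exists for the PATHEXT list, or None."""
    for ext in PATHEXT:
        candidate = ntpath.join(directory, name + ext)
        if _exists(candidate, files):
            return candidate
    return None


def find_insecure(name, cwd=CWD, path_env=PATH_ENV, files=FILES):
    """Mimics the CreateProcess/cmd search order for a bare program name: the
    current directory is tried before PATH, and a relative PATH entry such as
    "." is resolved against the current directory. Whoever controls the
    directory the victim runs from therefore controls which binary is picked."""
    search = [cwd]
    for entry in path_env.split(";"):
        if entry:
            search.append(entry if ntpath.isabs(entry) else ntpath.join(cwd, entry))
    for directory in search:
        hit = _probe(directory, name, files)
        if hit:
            return hit
    return None


def _under(path, root):
    """True if path is root itself or lies below root."""
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")


def find_hardened(name, path_env=PATH_ENV, files=FILES, trusted_roots=TRUSTED_ROOTS):
    """Never consults the working directory, drops empty and relative PATH
    entries, and only accepts a hit located under a trusted root."""
    for entry in path_env.split(";"):
        if not entry or not ntpath.isabs(entry):
            continue  # "" and "." would both silently mean "current directory"
        hit = _probe(entry, name, files)
        if hit and any(_under(hit, root) for root in trusted_roots):
            return hit
    return None


if __name__ == "__main__":
    print("insecure lookup of git:", find_insecure("git"))
    print("hardened lookup of git:", find_hardened("git"))
```

With the constructed inputs the insecure lookup returns the planted `git.exe` in the working directory, while the hardened lookup skips the `.` entry and returns the copy under `C:\Program Files`. The trusted-root allowlist is the part that differs most between real projects: some instead require an absolute, configured path to the tool, which removes the search entirely.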