Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
Bloom Uncontrolled Search Path Element vulnerability High
CVE-2023-0247 was published for github.com/bits-and-blooms/bloom (Go) Jan 12, 2023
Git LFS can execute a Git binary from the current directory Critical
CVE-2020-27955 was published for github.com/git-lfs/git-lfs (Go) Feb 11, 2022
dawidgolunski
Relative Path Traversal in git-delta High
CVE-2021-36376 was published for git-delta (Rust) Aug 25, 2021
Uncontrolled Search Path Element in sharkdp/bat High
CVE-2021-36753 was published for bat (Rust) Aug 25, 2021
Local Privilege Escalation in cloudflared High
CVE-2020-24356 was published for github.com/cloudflare/cloudflared (Go) May 24, 2021
AgentBTZ uhthomas
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
Duplicate Advisory: Kerberos for NodeJS allows DLL Injection High
GHSA-f478-xwv9-p93q was published for kerberos (npm) May 24, 2022 withdrawn
DLL Injection in kerberos High
CVE-2020-13110 was published for kerberos (npm) Sep 4, 2020
jhutchings1
Cheetah Path Search Order Hijacking High
CVE-2005-1632 was published for cheetah (pip) May 1, 2022
Arbitrary code execution due to an uncontrolled search path for the git binary Critical
CVE-2021-28955 was published for github.com/MichaelMure/git-bug (Go) May 25, 2021
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) High
CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024
bruno-1337
gix-path can use a fake program files location Moderate
CVE-2024-40644 was published for gix-path (Rust) Jul 18, 2024
EliahKagan
Antilles Dependency Confusion Vulnerability High
CVE-2021-3840 was published for antilles-tools (pip) Nov 3, 2021
Mattermost Desktop App Uncontrolled Search Path Vulnerability Moderate
CVE-2024-39613 was published for mattermost-desktop (npm) Sep 16, 2024
Execution with Unnecessary Privileges in JupyterApp High
CVE-2022-39286 was published for jupyter-core (pip) Oct 26, 2022
pipreqs vulnerable to Dependency Confusion Critical
CVE-2023-31543 was published for pipreqs (pip) Jun 30, 2023
snapcraft Access Restriction Bypass Moderate
CVE-2020-27348 was published for snapcraft (pip) May 24, 2022
Safearchive Path Traversal vulnerability Moderate
CVE-2024-10389 was published for github.com/google/safearchive (Go) Nov 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database