GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
High
CVE-2024-27303
was published
for
app-builder-lib
(npm)
Mar 4, 2024
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-8v28-3g86-chj5
was published
for
PanelSwWix4.Sdk
(NuGet)
Feb 8, 2024
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
GHSA-259p-rvjx-ffwg
was published
for
PanelSW.Custom.WiX
(NuGet)
Feb 8, 2024
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
High
CVE-2024-24810
was published
for
wix
(NuGet)
Feb 8, 2024
Yarn untrusted search path vulnerability
High
CVE-2021-4435
was published
for
yarn
(npm)
Feb 4, 2024
Untrusted search path under some conditions on Windows allows arbitrary code execution
High
CVE-2024-22190
was published
for
GitPython
(pip)
Jan 10, 2024
Apache Hadoop allows local user to gain root privileges
High
CVE-2023-26031
was published
for
org.apache.hadoop:hadoop-yarn-project
(Maven)
Nov 16, 2023
GitPython untrusted search path on Windows systems leading to arbitrary code execution
High
CVE-2023-40590
was published
for
gitpython
(pip)
Aug 29, 2023
sccache vulnerable to privilege escalation if server is run as root
High
CVE-2023-1521
was published
for
sccache
(Rust)
May 30, 2023
Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows
High
CVE-2022-36070
was published
for
poetry
(pip)
Oct 11, 2022
Ansible Improper Input Validation vulnerability
High
CVE-2018-10874
was published
for
ansible
(pip)
May 13, 2022
sinatra does not validate expanded path matches
High
CVE-2022-29970
was published
for
sinatra
(RubyGems)
May 3, 2022
Disputed: OS Command injection in github.com/kardianos/service
High
CVE-2022-29583
was published
for
github.com/kardianos/service
(Go)
Apr 23, 2022
•
withdrawn
Git LFS can execute a binary from the current directory on Windows
Critical
CVE-2022-24826
was published
for
github.com/git-lfs/git-lfs
(Go)
Apr 22, 2022
Poetry before v1.1.9 contains Untrusted Search Path
Critical
CVE-2022-26184
was published
for
poetry
(pip)
Mar 23, 2022
Git LFS can execute a Git binary from the current directory on Windows
High
CVE-2021-21237
was published
for
github.com/git-lfs/git-lfs
(Go)
Feb 15, 2022
Apache Ranger policy engine incorrectly matches paths in certain conditions
Moderate
CVE-2016-8746
was published
for
org.apache.ranger:ranger-plugins-common
(Maven)
Oct 17, 2018
Ruby-ffi has a DLL loading issue
High
CVE-2018-1000201
was published
for
ffi
(RubyGems)
Aug 31, 2018
High severity vulnerability that affects electron
High
CVE-2016-1202
was published
for
electron
(npm)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API