GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
Insecure path handling in Bundler
High • CVE-2019-3881 was published for bundler (RubyGems) • May 10, 2021

Local Privilege Escalation in cloudflared
High • CVE-2020-24356 was published for github.com/cloudflare/cloudflared (Go) • May 24, 2021

Arbitrary code execution due to an uncontrolled search path for the git binary
Critical • CVE-2021-28955 was published for github.com/MichaelMure/git-bug (Go) • May 25, 2021

Uncontrolled Search Path Element in sharkdp/bat
High • CVE-2021-36753 was published for bat (Rust) • Aug 25, 2021

Relative Path Traversal in git-delta
High • CVE-2021-36376 was published for git-delta (Rust) • Aug 25, 2021

Antilles Dependency Confusion Vulnerability
High • CVE-2021-3840 was published for antilles-tools (pip) • Nov 3, 2021

Git LFS can execute a Git binary from the current directory
Critical • CVE-2020-27955 was published for github.com/git-lfs/git-lfs (Go) • Feb 11, 2022

Duplicate Advisory: Kerberos for NodeJS allows DLL Injection
High • GHSA-f478-xwv9-p93q was published for kerberos (npm) • May 24, 2022 • withdrawn

snapcraft Access Restriction Bypass
Moderate • CVE-2020-27348 was published for snapcraft (pip) • May 24, 2022

Execution with Unnecessary Privileges in JupyterApp
High • CVE-2022-39286 was published for jupyter-core (pip) • Oct 26, 2022

Bloom Uncontrolled Search Path Element vulnerability
High • CVE-2023-0247 was published for github.com/bits-and-blooms/bloom (Go) • Jan 12, 2023

pipreqs vulnerable to Dependency Confusion
Critical • CVE-2023-31543 was published for pipreqs (pip) • Jun 30, 2023

electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
High • CVE-2024-27303 was published for app-builder-lib (npm) • Mar 4, 2024

gix-path can use a fake program files location
High • CVE-2024-40644 was published for gix-path (Rust) • Jul 18, 2024

Mattermost Desktop App Uncontrolled Search Path Vulnerability
Moderate • CVE-2024-39613 was published for mattermost-desktop (npm) • Sep 16, 2024

Safearchive Path Traversal vulnerability
Moderate • CVE-2024-10389 was published for github.com/google/safearchive (Go) • Nov 4, 2024