Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,272
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,521
Pub
12
RubyGems
1,007
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

76 advisories

Loading
Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed
CVE-2026-28721 was published Mar 6, 2026
Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed
CVE-2026-28722 was published Mar 6, 2026
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a... High Unreviewed
CVE-2025-48654 was published Mar 2, 2026
External Control of File Name or Path in Langflow High
CVE-2025-68478 was published for langflow (pip) Dec 19, 2025
J1vvoo Credited to J1vvoo and im-soohyun im-soohyun im-soohyun
A server-side request forgery security issue exists within Rockwell Automation ThinManager®... High Unreviewed
CVE-2025-9065 was published Sep 9, 2025
Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed
CVE-2025-48963 was published Aug 28, 2025
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-6691 was published Jul 9, 2025
CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists... High Unreviewed
CVE-2025-2875 was published May 14, 2025
There is a local file inclusion vulnerability in ArcGIS Server 10.9.1 thru 11.3 that may allow a... High Unreviewed
CVE-2024-51961 was published Mar 3, 2025
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an... High Unreviewed
CVE-2025-0111 was published Feb 12, 2025
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can... High Unreviewed
CVE-2024-42168 was published Jan 11, 2025
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database... High Unreviewed
CVE-2024-10979 was published Nov 14, 2024
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code... High Unreviewed
CVE-2024-45826 was published Sep 12, 2024
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration High
CVE-2024-6717 was published for github.com/hashicorp/nomad (Go) Jul 23, 2024
dduzgun-security Credited to dduzgun-security
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a... High Unreviewed
CVE-2024-31319 was published Jul 9, 2024
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender... High Unreviewed
CVE-2023-6154 was published Apr 1, 2024
HashiCorp Nomad vulnerable to symlink attacks High
CVE-2024-1329 was published for github.com/hashicorp/nomad (Go) Feb 8, 2024
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple... High Unreviewed
CVE-2023-5247 was published Nov 30, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-40194 was published Nov 27, 2023
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356.... High Unreviewed
CVE-2023-39542 was published Nov 27, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-35985 was published Nov 27, 2023
A file write vulnerability exists in the OAS Engine configuration functionality of Open... High Unreviewed
CVE-2023-32615 was published Sep 5, 2023
Local privilege escalation during installation due to improper soft link handling. The following... High Unreviewed
CVE-2022-46869 was published Aug 31, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42732 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42891 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database