GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
656
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
26 advisories
Filter by severity
Phusion Passenger Denial of Service
Moderate
CVE-2013-2119
was published
for
passenger
(RubyGems)
Oct 24, 2017
Tmp files readable by other users in sync-exec
Moderate
CVE-2017-16024
was published
for
sync-exec
(npm)
Nov 9, 2018
Insecure temporary file in Netflix OSS Hollow
Moderate
CVE-2021-28099
was published
for
com.netflix.hollow:hollow
(Maven)
Mar 29, 2021
Netflix/Priam: Temporary Directory Information Disclosure
Moderate
CVE-2021-28100
was published
for
com.netflix.priam:priam
(Maven)
Mar 30, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Moderate
CVE-2020-10685
was published
for
ansible
(pip)
Apr 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
Moderate
CVE-2020-1740
was published
for
ansible
(pip)
Apr 7, 2021
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
Moderate
CVE-2020-1733
was published
for
ansible
(pip)
Apr 20, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Moderate
CVE-2021-21429
was published
for
org.openapitools:openapi-generator-maven-plugin
(Maven)
Apr 29, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Moderate
CVE-2020-10744
was published
for
ansible
(pip)
Feb 9, 2022
Hub Package Arbitrary File Overwrite
Moderate
CVE-2014-0177
was published
for
github.com/github/hub
(RubyGems)
Feb 15, 2022
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15...
Moderate
Unreviewed
CVE-2021-46705
was published
Mar 17, 2022
A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to...
Moderate
Unreviewed
CVE-2022-21945
was published
Mar 17, 2022
instack-undercloud vulnerable to symlink attack on tmp files
Moderate
CVE-2017-7549
was published
for
instack-undercloud
(pip)
May 13, 2022
Puppet uses predictable filenames, allowing arbitrary file overwrite
Moderate
CVE-2012-1906
was published
for
puppet
(RubyGems)
May 14, 2022
Insecure Temporary File in Jinja2
Moderate
CVE-2014-0012
was published
for
Jinja2
(pip)
May 17, 2022
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers...
Moderate
Unreviewed
CVE-2020-8030
was published
May 24, 2022
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS,...
Moderate
Unreviewed
CVE-2020-8027
was published
May 24, 2022
ansible-runner 2.0.0 vulnerable to Race Condition
Moderate
CVE-2021-3702
was published
for
ansible-runner
(pip)
Aug 24, 2022
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this...
Moderate
Unreviewed
CVE-2022-3969
was published
Nov 13, 2022
A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is...
Moderate
Unreviewed
CVE-2022-4641
was published
Dec 22, 2022
Java Merge-sort Insecure Temporary File vulnerability
Moderate
CVE-2022-24913
was published
for
com.fasterxml.util:java-merge-sort
(Maven)
Jan 12, 2023
transformers has Insecure Temporary File
Moderate
CVE-2023-2800
was published
for
transformers
(pip)
May 18, 2023
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names...
Moderate
Unreviewed
CVE-2024-34490
was published
May 5, 2024
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an...
Moderate
Unreviewed
CVE-2024-5742
was published
Jun 12, 2024
ProTip!
Advisories are also available from the
GraphQL API