GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
Severity: High. GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) on Apr 18, 2025.

yt-dlp File system modification and RCE through improper file-extension sanitization
Severity: High. CVE-2024-38519 was published for yt-dlp (pip) on Jul 2, 2024.

NuGet Client Security Feature Bypass Vulnerability
Severity: Critical. CVE-2024-0057 was published for NuGet.CommandLine (NuGet) on Feb 13, 2024.

NuGet Elevation of Privilege Vulnerability
Severity: High. CVE-2022-41032 was published for NuGet.CommandLine (NuGet) on Oct 11, 2022.

gajira-create GitHub action vulnerable to arbitrary code execution
Severity: Critical. CVE-2020-14188 was published for atlassian/gajira-create (GitHub Actions) on Oct 7, 2022.

Potential leak of NuGet.org API key
Severity: Moderate. CVE-2022-30184 was published for NuGet.CommandLine (NuGet) on Jun 14, 2022.

NuGet Package Manager Tampering Vulnerability
Severity: Moderate. CVE-2019-0976 was published for NuGet.Commands (NuGet) on May 24, 2022.

Path traversal in the OWASP Enterprise Security API
Severity: High. CVE-2022-23457 was published for org.owasp.esapi:esapi (Maven) on Apr 27, 2022.

Partial path traversal in sharpcompress
Severity: Moderate. CVE-2021-39208 was published for sharpcompress (NuGet) on Sep 20, 2021.

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Severity: High. CVE-2021-37712 was published for tar (npm) on Aug 31, 2021.

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Severity: High. CVE-2021-37713 was published for tar (npm) on Aug 31, 2021.

UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
Severity: High. CVE-2021-39135 was published for @npmcli/arborist (npm) on Aug 31, 2021.