Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to... Critical Unreviewed
CVE-2025-4802 was published May 16, 2025
NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path Critical
CVE-2025-23266 was published for github.com/NVIDIA/gpu-operator (Go) Jul 17, 2025
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to... Critical Unreviewed
CVE-2025-49457 was published Aug 13, 2025
The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. Critical Unreviewed
CVE-2024-58250 was published Apr 22, 2025
Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an... Critical Unreviewed
CVE-2017-2225 was published May 17, 2022
SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion... Critical Unreviewed
CVE-2023-30330 was published May 23, 2023
Poetry before v1.1.9 contains Untrusted Search Path Critical
CVE-2022-26184 was published for poetry (pip) Mar 23, 2022
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail... Critical Unreviewed
CVE-2024-38462 was published Jun 16, 2024
A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects... Critical Unreviewed
CVE-2022-3734 was published Oct 28, 2022
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can... Critical Unreviewed
CVE-2022-21817 was published Feb 8, 2022
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '... Critical Unreviewed
CVE-2018-19486 was published May 14, 2022
Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used... Critical Unreviewed
CVE-2017-12414 was published May 17, 2022
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the... Critical Unreviewed
CVE-2011-4125 was published Apr 22, 2022
Git LFS can execute a binary from the current directory on Windows Critical
CVE-2022-24826 was published for github.com/git-lfs/git-lfs (Go) Apr 22, 2022
yuske
Credited to yuske
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database