GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10 advisories
Untrusted search path under some conditions on Windows allows arbitrary code execution
High
CVE-2024-22190
was published
for
GitPython
(pip)
Jan 10, 2024
GitPython blind local file inclusion
Moderate
CVE-2023-41040
was published
for
GitPython
(pip)
Aug 30, 2023
gix-path improperly resolves configuration path reported by Git
Moderate
CVE-2024-45405
was published
for
gix-path
(Rust)
Sep 6, 2024
gix-path uses local config across repos when it is the highest scope
Low
CVE-2024-45305
was published
for
gix-path
(Rust)
Sep 3, 2024
gitoxide-core does not neutralize special characters for terminals
Low
CVE-2024-43785
was published
for
gitoxide
(Rust)
Aug 22, 2024
gix-path can use a fake program files location
Moderate
CVE-2024-40644
was published
for
gix-path
(Rust)
Jul 18, 2024
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
gix refs and paths with reserved Windows device names access the devices
Moderate
CVE-2024-35197
was published
for
gitoxide
(Rust)
May 22, 2024
gix-transport code execution vulnerability
Moderate
GHSA-rrjw-j4m2-mf34
was published
for
gix-transport
(Rust)
Sep 25, 2023
gix-transport indirect code execution via malicious username
Moderate
CVE-2024-32884
was published
for
gitoxide
(Rust)
Apr 15, 2024
ProTip!
Advisories are also available from the
GraphQL API