Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22 advisories

Loading
High severity vulnerability that affects electron High
CVE-2016-1202 was published for electron (npm) Oct 24, 2017
Git LFS can execute a binary from the current directory on Windows Critical
CVE-2022-24826 was published for github.com/git-lfs/git-lfs (Go) Apr 22, 2022
yuske
Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows High
CVE-2022-36070 was published for poetry (pip) Oct 11, 2022
paul-gerste-sonarsource
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Disputed: OS Command injection in github.com/kardianos/service High
CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 withdrawn
masinger
Ruby-ffi has a DLL loading issue High
CVE-2018-1000201 was published for ffi (RubyGems) Aug 31, 2018
Untrusted Search Path in PNPM High
CVE-2022-26183 was published for pnpm (npm) Mar 23, 2022
Apache Ranger policy engine incorrectly matches paths in certain conditions Moderate
CVE-2016-8746 was published for org.apache.ranger:ranger-plugins-common (Maven) Oct 17, 2018
Yarn untrusted search path vulnerability High
CVE-2021-4435 was published for yarn (npm) Feb 4, 2024
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) High
CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024
bruno-1337
Apache Hadoop allows local user to gain root privileges High
CVE-2023-26031 was published for org.apache.hadoop:hadoop-yarn-project (Maven) Nov 16, 2023
Ansible Arbitrary Code Execution High
CVE-2018-10875 was published for ansible (pip) May 13, 2022
Ansible Improper Input Validation vulnerability High
CVE-2018-10874 was published for ansible (pip) May 13, 2022
GitPython untrusted search path on Windows systems leading to arbitrary code execution High
CVE-2023-40590 was published for gitpython (pip) Aug 29, 2023
stsewd MicaelJarniac
Untrusted search path under some conditions on Windows allows arbitrary code execution High
CVE-2024-22190 was published for GitPython (pip) Jan 10, 2024
EliahKagan
Poetry before v1.1.9 contains Untrusted Search Path Critical
CVE-2022-26184 was published for poetry (pip) Mar 23, 2022
sccache vulnerable to privilege escalation if server is run as root High
CVE-2023-1521 was published for sccache (Rust) May 30, 2023
kevinbackhouse
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR
ProTip! Advisories are also available from the GraphQL API