Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,984
npm
3,523
NuGet
611
pip
3,098
Pub
10
RubyGems
834
Rust
784
Swift
34
Unreviewed advisories
All unreviewed
5,000+

455 advisories

Loading
A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163... High Unreviewed
CVE-2018-18333 was published May 13, 2022
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer... High Unreviewed
CVE-2017-2130 was published May 13, 2022
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an... High Unreviewed
CVE-2018-6218 was published May 13, 2022
Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB... High Unreviewed
CVE-2017-2226 was published May 13, 2022
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0... High Unreviewed
CVE-2016-5330 was published May 13, 2022
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7,... High Unreviewed
CVE-2018-6513 was published May 13, 2022
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2... High Unreviewed
CVE-2011-2019 was published May 13, 2022
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote... High Unreviewed
CVE-2017-6798 was published May 3, 2022
Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute... High Unreviewed
CVE-2016-6167 was published May 3, 2022
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Untrusted search path vulnerability in the Python module in gedit allows local users to execute... Moderate Unreviewed
CVE-2009-0314 was published May 2, 2022
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4... High Unreviewed
CVE-2008-3357 was published May 1, 2022
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats... High Unreviewed
CVE-2018-10904 was published Apr 30, 2022
Disputed: OS Command injection in github.com/kardianos/service High
CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 withdrawn
masinger
Git LFS can execute a binary from the current directory on Windows Critical
CVE-2022-24826 was published for github.com/git-lfs/git-lfs (Go) Apr 22, 2022
yuske
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the... Critical Unreviewed
CVE-2011-4125 was published Apr 22, 2022
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to... High Unreviewed
CVE-2022-28128 was published Apr 1, 2022
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to... High Unreviewed
CVE-2022-25348 was published Apr 1, 2022
Untrusted Search Path in PNPM High
CVE-2022-26183 was published for pnpm (npm) Mar 23, 2022
Poetry before v1.1.9 contains Untrusted Search Path Critical
CVE-2022-26184 was published for poetry (pip) Mar 23, 2022
Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world... High Unreviewed
CVE-2022-26526 was published Mar 18, 2022
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is... High Unreviewed
CVE-2022-26488 was published Mar 11, 2022
Untrusted Search Path in PostgreSQL Moderate Unreviewed
CVE-2020-14350 was published Feb 15, 2022
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can... Critical Unreviewed
CVE-2022-21817 was published Feb 8, 2022
ProTip! Advisories are also available from the GraphQL API