Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Loading
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan JarLob
Grub4K
NuGet Client Security Feature Bypass Vulnerability Critical
CVE-2024-0057 was published for NuGet.CommandLine (NuGet) Feb 13, 2024
JarLob
NuGet Elevation of Privilege Vulnerability High
CVE-2022-41032 was published for NuGet.CommandLine (NuGet) Oct 11, 2022
kartheekp-ms JarLob
gajira-create GitHub action vulnerable to arbitrary code execution Critical
CVE-2020-14188 was published for atlassian/gajira-create (GitHub Actions) Oct 7, 2022
JarLob
Potential leak of NuGet.org API key Moderate
CVE-2022-30184 was published for NuGet.CommandLine (NuGet) Jun 14, 2022
JarLob
NuGet Package Manager Tampering Vulnerability Moderate
CVE-2019-0976 was published for NuGet.Commands (NuGet) May 24, 2022
JarLob
Path traversal in the OWASP Enterprise Security API High
CVE-2022-23457 was published for org.owasp.esapi:esapi (Maven) Apr 27, 2022
JarLob
Partial path traversal in sharpcompress Moderate
CVE-2021-39208 was published for sharpcompress (NuGet) Sep 20, 2021
JarLob geoffodonnell
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization High
CVE-2021-37713 was published for tar (npm) Aug 31, 2021
JarLob chen-robert
ginkoid
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist High
CVE-2021-39135 was published for @npmcli/arborist (npm) Aug 31, 2021
JarLob KateCatlin
ProTip! Advisories are also available from the GraphQL API