Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

124 advisories

Loading
saku3 Credited to saku3 and utam0k utam0k utam0k
In aiohttp, compressed files as symlinks are not protected from path traversal Moderate
CVE-2024-42367 was published for aiohttp (pip) Aug 9, 2024
steverep Credited to steverep and bdraco bdraco bdraco
eternal-flame-AD Credited to eternal-flame-AD and Pr0methean Pr0methean Pr0methean
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist High
CVE-2021-39135 was published for @npmcli/arborist (npm) Aug 31, 2021
JarLob Credited to JarLob and KateCatlin KateCatlin KateCatlin
runc can be confused to create empty files/directories on the host Moderate
CVE-2024-45310 was published for github.com/opencontainers/runc (Go) Sep 3, 2024
rata Credited to rata, alban, cyphar, and sdowell alban alban
cyphar cyphar sdowell sdowell
Insecure Temporary File usage in github.com/golang/glog Moderate
CVE-2024-45339 was published for github.com/golang/glog (Go) Jan 28, 2025
readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. Critical Unreviewed
CVE-2024-54661 was published Dec 4, 2024
ProTip! Advisories are also available from the GraphQL API