Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

88 advisories

Loading
Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases Low
CVE-2026-53759 was published for linuxfabrik-lib (pip) Jul 6, 2026
OoYo0uto Credited to OoYo0uto
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp Low
CVE-2026-35342 was published for uu_mktemp (Rust) Jul 6, 2026
Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory Moderate
CVE-2026-40979 was published for org.springframework.ai:spring-ai-transformers (Maven) Apr 28, 2026
Spring Boot accepts predictable temp directory without ownership verification High
CVE-2026-40973 was published for org.springframework.boot:spring-boot (Maven) Apr 28, 2026
Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable Low
GHSA-2cxp-xq3c-mjxx was published for coreutils (Rust) Apr 22, 2026 withdrawn
poetry-plugin-tweak-dependencies-version affected by CVE-2026-25645 Moderate
GHSA-5qvp-pr9f-2g2v was published for poetry-plugin-tweak-dependencies-version (pip) Apr 1, 2026
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function Moderate
CVE-2026-25645 was published for requests (pip) Mar 25, 2026
Jaycelation Credited to Jaycelation, nateprewitt, and sigmavirus24 nateprewitt nateprewitt
sigmavirus24 sigmavirus24
Judel777 Credited to Judel777
Robocode has an insecure temporary file creation vulnerability in the AutoExtract component Critical
CVE-2025-14307 was published for net.sf.robocode:robocode.battle (Maven) Dec 9, 2025
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality Moderate
CVE-2025-66625 was published for Umbraco.Cms (NuGet) Dec 9, 2025
ProTip! Advisories are also available from the GraphQL API