GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
88 advisories
Filter by severity
Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases
Low
CVE-2026-53759
was published
for
linuxfabrik-lib
(pip)
Jul 6, 2026
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp
Low
CVE-2026-35342
was published
for
uu_mktemp
(Rust)
Jul 6, 2026
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file...
Low
Unreviewed
CVE-2026-41991
was published
Jun 29, 2026
@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write
Moderate
CVE-2026-46406
was published
for
@anthropic-ai/claude-code
(npm)
Jun 25, 2026
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded...
Moderate
Unreviewed
CVE-2026-41001
was published
Jun 11, 2026
CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that...
High
Unreviewed
CVE-2026-49134
was published
Jun 1, 2026
The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12...
High
Unreviewed
CVE-2025-67223
was published
Apr 28, 2026
Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory
Moderate
CVE-2026-40979
was published
for
org.springframework.ai:spring-ai-transformers
(Maven)
Apr 28, 2026
Spring Boot accepts predictable temp directory without ownership verification
High
CVE-2026-40973
was published
for
org.springframework.boot:spring-boot
(Maven)
Apr 28, 2026
Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable
Low
GHSA-2cxp-xq3c-mjxx
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform...
High
Unreviewed
CVE-2026-20204
was published
Apr 15, 2026
poetry-plugin-tweak-dependencies-version affected by CVE-2026-25645
Moderate
GHSA-5qvp-pr9f-2g2v
was published
for
poetry-plugin-tweak-dependencies-version
(pip)
Apr 1, 2026
A vulnerability was detected in Enter Software Iperius Backup bis 8.7.3. Affected is an unknown...
High
Unreviewed
CVE-2026-4822
was published
Mar 25, 2026
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Moderate
CVE-2026-25645
was published
for
requests
(pip)
Mar 25, 2026
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in...
Moderate
Unreviewed
CVE-2026-20651
was published
Mar 25, 2026
Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)
High
GHSA-8mpm-q7mh-8fvh
was published
for
@capgo/cli
(npm)
Mar 18, 2026
An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create...
High
Unreviewed
CVE-2026-25701
was published
Feb 25, 2026
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2026-20618
was published
Feb 12, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.3,...
High
Unreviewed
CVE-2026-20649
was published
Feb 12, 2026
Insecure Temporary File vulnerability in Altera Quartus Prime Standard
Installer (SFX)
on...
Moderate
Unreviewed
CVE-2025-14614
was published
Jan 7, 2026
Insecure Temporary File vulnerability in Altera Quartus Prime Pro
Installer (SFX)
on Windows...
Moderate
Unreviewed
CVE-2025-14612
was published
Jan 7, 2026
Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
Critical
CVE-2025-14307
was published
for
net.sf.robocode:robocode.battle
(Maven)
Dec 9, 2025
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality
Moderate
CVE-2025-66625
was published
for
Umbraco.Cms
(NuGet)
Dec 9, 2025
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure...
High
Unreviewed
CVE-2025-46369
was published
Nov 13, 2025
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure...
Moderate
Unreviewed
CVE-2025-46368
was published
Nov 13, 2025
ProTip!
Advisories are also available from the
GraphQL API