GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
CVE-2024-0133
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
Critical
CVE-2024-0132
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Moderate
CVE-2024-45120
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Low
CVE-2024-47813
was published
for
wasmtime
(Rust)
Oct 9, 2024
Duplicate Advisory: NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
Critical
GHSA-536j-xxhg-6pgg
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Sep 26, 2024
•
withdrawn
Duplicate Advisory: NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
GHSA-g4pj-mx9f-m2mh
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Sep 26, 2024
•
withdrawn
Apache StreamPipes potentially allows creation of multiple identical accounts
Moderate
CVE-2024-30471
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jul 17, 2024
WordOps has TOCTOU race condition
Moderate
CVE-2024-34528
was published
for
wordops
(pip)
May 6, 2024
OpenStack Storlets arbitrary code execution vulnerability
High
CVE-2024-28717
was published
for
storlets
(pip)
Apr 22, 2024
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Moderate
CVE-2024-28718
was published
for
magnum
(pip)
Apr 12, 2024
Gradio apps vulnerable to timing attacks to guess password
Moderate
CVE-2024-1729
was published
for
gradio
(pip)
Feb 22, 2024
Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability
High
CVE-2023-43741
was published
for
github.com/buildkite/elastic-ci-stack-for-aws/v6
(Go)
Dec 22, 2023
FoodCoopShop Server-Side Request Forgery vulnerability
High
CVE-2023-46725
was published
for
foodcoopshop/foodcoopshop
(Composer)
Nov 2, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-f2wx-xjfw-xjv6
was published
for
topgrade
(Rust)
Jul 17, 2023
NuGet Client Remote Code Execution Vulnerability
High
CVE-2023-29337
was published
for
Microsoft.Build.NuGetSdkResolver
(NuGet)
Jun 14, 2023
Podman Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2023-0778
was published
for
github.com/containers/podman/v4
(Go)
Mar 27, 2023
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-mc8h-8q98-g5hr
was published
for
remove_dir_all
(Rust)
Feb 24, 2023
etcd vulnerable to TOCTOU of gateway endpoint authentication
Low
GHSA-h8g9-6gvh-5mrc
was published
for
go.etcd.io/etcd/v3
(Go)
Oct 6, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
Moderate
CVE-2021-21615
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
B2 Command Line Tool TOCTOU application key disclosure
Moderate
CVE-2022-23653
was published
for
b2
(pip)
Feb 24, 2022
b2-sdk-python TOCTOU application key disclosure
Moderate
CVE-2022-23651
was published
for
b2sdk
(pip)
Feb 24, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
Insecure temporary file in Tensorflow
High
CVE-2022-23563
was published
for
tensorflow
(pip)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API