GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,751
Erlang
35
GitHub Actions
29
Go
2,326
Maven
5,000+
npm
3,956
NuGet
712
pip
3,740
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+
135 advisories
Filter by severity
This vulnerability occurs when an attacker exploits a race condition between the time a file is...
Moderate
Unreviewed
CVE-2024-6787
was published
Sep 21, 2024
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Moderate
CVE-2024-45120
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
A vulnerability was discovered in Samsung Mobile Processor Exynos 980, Exynos 990, Exynos 1080,...
Moderate
Unreviewed
CVE-2024-27361
was published
Jul 9, 2024
In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via...
Moderate
Unreviewed
CVE-2022-48682
was published
Apr 26, 2024
Duplicate Advisory: NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
GHSA-g4pj-mx9f-m2mh
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Sep 26, 2024
•
withdrawn
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
CVE-2024-0133
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and...
Moderate
Unreviewed
CVE-2023-52556
was published
Mar 1, 2024
The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race...
Moderate
Unreviewed
CVE-2024-51563
was published
Nov 12, 2024
A race condition could lead to a cross-origin container obtaining permissions of the top-level...
Moderate
Unreviewed
CVE-2024-6601
was published
Jul 9, 2024
In the Linux kernel, the following vulnerability has been resolved:
ice: Don't process extts if...
Moderate
Unreviewed
CVE-2024-42107
was published
Jul 30, 2024
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: improve shutdown...
Moderate
Unreviewed
CVE-2024-49998
was published
Oct 21, 2024
In the Linux kernel, the following vulnerability has been resolved:
HID: logitech-hidpp: Fix...
Moderate
Unreviewed
CVE-2023-52478
was published
Feb 29, 2024
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU)...
Moderate
Unreviewed
CVE-2025-22394
was published
Jan 15, 2025
Apache StreamPipes potentially allows creation of multiple identical accounts
Moderate
CVE-2024-30471
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jul 17, 2024
WordOps has TOCTOU race condition
Moderate
CVE-2024-34528
was published
for
wordops
(pip)
May 6, 2024
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the...
Moderate
Unreviewed
CVE-2022-38730
was published
Apr 27, 2023
Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software...
Moderate
Unreviewed
CVE-2024-41917
was published
Feb 13, 2025
Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens
Moderate
CVE-2025-26620
was published
for
Duende.AccessTokenManagement
(NuGet)
Feb 19, 2025
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can...
Moderate
Unreviewed
CVE-2024-7531
was published
Aug 6, 2024
Information disclosure may be there when a guest VM is connected.
Moderate
Unreviewed
CVE-2025-21431
was published
Apr 7, 2025
In the Linux kernel, the following vulnerability has been resolved:
firmware: qcom: uefisecapp:...
Moderate
Unreviewed
CVE-2025-21998
was published
Apr 3, 2025
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows...
Moderate
Unreviewed
CVE-2017-11830
was published
May 13, 2022
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a...
Moderate
Unreviewed
CVE-2022-3590
was published
Dec 14, 2022
Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be...
Moderate
Unreviewed
CVE-2025-3599
was published
Apr 30, 2025
Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows...
Moderate
Unreviewed
CVE-2024-6029
was published
Apr 30, 2025
ProTip!
Advisories are also available from the
GraphQL API