GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
143 advisories
Filter by severity
NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
Low
CVE-2025-46328
was published
for
snowflake-sdk
(npm)
Apr 28, 2025
Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Low
CVE-2025-46327
was published
for
github.com/snowflakedb/gosnowflake
(Go)
Apr 28, 2025
Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file
Low
CVE-2025-46326
was published
for
Snowflake.Data
(NuGet)
Apr 28, 2025
Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens
Moderate
CVE-2025-26620
was published
for
Duende.AccessTokenManagement
(NuGet)
Feb 19, 2025
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Low
CVE-2025-24430
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Low
CVE-2025-24432
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape
High
GHSA-vp47-9734-prjw
was published
for
asteval
(pip)
Jan 23, 2025
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-56337
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 20, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-50379
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 17, 2024
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
CVE-2024-0133
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
Critical
CVE-2024-0132
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Moderate
CVE-2024-45120
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Low
CVE-2024-47813
was published
for
wasmtime
(Rust)
Oct 9, 2024
Duplicate Advisory: NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
Critical
GHSA-536j-xxhg-6pgg
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Sep 26, 2024
•
withdrawn
Duplicate Advisory: NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
GHSA-g4pj-mx9f-m2mh
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Sep 26, 2024
•
withdrawn
Apache StreamPipes potentially allows creation of multiple identical accounts
Moderate
CVE-2024-30471
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jul 17, 2024
WordOps has TOCTOU race condition
Moderate
CVE-2024-34528
was published
for
wordops
(pip)
May 6, 2024
OpenStack Storlets arbitrary code execution vulnerability
High
CVE-2024-28717
was published
for
storlets
(pip)
Apr 22, 2024
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Moderate
CVE-2024-28718
was published
for
magnum
(pip)
Apr 12, 2024
Gradio apps vulnerable to timing attacks to guess password
Moderate
CVE-2024-1729
was published
for
gradio
(pip)
Feb 22, 2024
Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability
High
CVE-2023-43741
was published
for
github.com/buildkite/elastic-ci-stack-for-aws/v6
(Go)
Dec 22, 2023
FoodCoopShop Server-Side Request Forgery vulnerability
High
CVE-2023-46725
was published
for
foodcoopshop/foodcoopshop
(Composer)
Nov 2, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-f2wx-xjfw-xjv6
was published
for
topgrade
(Rust)
Jul 17, 2023
NuGet Client Remote Code Execution Vulnerability
High
CVE-2023-29337
was published
for
Microsoft.Build.NuGetSdkResolver
(NuGet)
Jun 14, 2023
ProTip!
Advisories are also available from the
GraphQL API