Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Loading
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist High
CVE-2021-39135 was published for @npmcli/arborist (npm) Aug 31, 2021
JarLob Credited to JarLob and KateCatlin KateCatlin KateCatlin
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization High
CVE-2021-37713 was published for tar (npm) Aug 31, 2021
JarLob Credited to JarLob, chen-robert, and ginkoid chen-robert chen-robert
ginkoid ginkoid
JarLob Credited to JarLob, chen-robert, ginkoid, and levpachmanov chen-robert chen-robert
ginkoid ginkoid levpachmanov levpachmanov
Partial path traversal in sharpcompress Moderate
CVE-2021-39208 was published for sharpcompress (NuGet) Sep 20, 2021
JarLob Credited to JarLob and geoffodonnell geoffodonnell geoffodonnell
Path traversal in the OWASP Enterprise Security API High
CVE-2022-23457 was published for org.owasp.esapi:esapi (Maven) Apr 27, 2022
JarLob Credited to JarLob
NuGet Package Manager Tampering Vulnerability Moderate
CVE-2019-0976 was published for NuGet.Commands (NuGet) May 24, 2022
JarLob Credited to JarLob
Potential leak of NuGet.org API key Moderate
CVE-2022-30184 was published for NuGet.CommandLine (NuGet) Jun 14, 2022
JarLob Credited to JarLob
gajira-create GitHub action vulnerable to arbitrary code execution Critical
CVE-2020-14188 was published for atlassian/gajira-create (GitHub Actions) Oct 7, 2022
JarLob Credited to JarLob
NuGet Elevation of Privilege Vulnerability High
CVE-2022-41032 was published for NuGet.CommandLine (NuGet) Oct 11, 2022
kartheekp-ms Credited to kartheekp-ms and JarLob JarLob JarLob
NuGet Client Security Feature Bypass Vulnerability Critical
CVE-2024-0057 was published for NuGet.CommandLine (NuGet) Feb 13, 2024
JarLob Credited to JarLob
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan Credited to pukkandan, JarLob, and Grub4K JarLob JarLob
Grub4K Grub4K
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization High
GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025
pukkandan Credited to pukkandan, JarLob, Grub4K, dirkf, and rhdesmond JarLob JarLob
Grub4K Grub4K dirkf dirkf rhdesmond rhdesmond
ProTip! Advisories are also available from the GraphQL API