GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases
Low
CVE-2026-53759
was published
for
linuxfabrik-lib
(pip)
Jul 6, 2026
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp
Low
CVE-2026-35342
was published
for
uu_mktemp
(Rust)
Jul 6, 2026
@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write
Moderate
CVE-2026-46406
was published
for
@anthropic-ai/claude-code
(npm)
Jun 25, 2026
Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory
Moderate
CVE-2026-40979
was published
for
org.springframework.ai:spring-ai-transformers
(Maven)
Apr 28, 2026
Spring Boot accepts predictable temp directory without ownership verification
High
CVE-2026-40973
was published
for
org.springframework.boot:spring-boot
(Maven)
Apr 28, 2026
Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable
Low
GHSA-2cxp-xq3c-mjxx
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
poetry-plugin-tweak-dependencies-version affected by CVE-2026-25645
Moderate
GHSA-5qvp-pr9f-2g2v
was published
for
poetry-plugin-tweak-dependencies-version
(pip)
Apr 1, 2026
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Moderate
CVE-2026-25645
was published
for
requests
(pip)
Mar 25, 2026
Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)
High
GHSA-8mpm-q7mh-8fvh
was published
for
@capgo/cli
(npm)
Mar 18, 2026
Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
Critical
CVE-2025-14307
was published
for
net.sf.robocode:robocode.battle
(Maven)
Dec 9, 2025
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality
Moderate
CVE-2025-66625
was published
for
Umbraco.Cms
(NuGet)
Dec 9, 2025
llama-index has Insecure Temporary File
High
CVE-2025-7707
was published
for
llama-index
(pip)
Oct 13, 2025
Insecure Temporary File usage in github.com/golang/glog
Moderate
CVE-2024-45339
was published
for
github.com/golang/glog
(Go)
Jan 28, 2025
Spring Cloud Contract vulnerable to local information disclosure
Low
CVE-2024-22236
was published
for
org.springframework.cloud:spring-cloud-contract-shade
(Maven)
Jan 31, 2024
Jenkins temporary uploaded file created with insecure permissions
Low
CVE-2023-43498
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Active Support Possibly Discloses Locally Encrypted Files
Moderate
CVE-2023-38037
was published
for
activesupport
(RubyGems)
Aug 23, 2023
Insecure Temporary File in HuTool
High
CVE-2023-33695
was published
for
cn.hutool:hutool-core
(Maven)
Jun 13, 2023
transformers has Insecure Temporary File
Moderate
CVE-2023-2800
was published
for
transformers
(pip)
May 18, 2023
Java Merge-sort Insecure Temporary File vulnerability
Moderate
CVE-2022-24913
was published
for
com.fasterxml.util:java-merge-sort
(Maven)
Jan 12, 2023
globalpom-utils has Insecure Temporary File
Critical
CVE-2018-25068
was published
for
com.anrisoftware.globalpom:globalpomutils
(Maven)
Jan 6, 2023
ManyDesigns Portofino subject to creation of insecure temporary file
High
CVE-2022-3952
was published
for
com.manydesigns:portofino
(Maven)
Nov 11, 2022
ansible-runner vulnerable to Race Condition
Moderate
CVE-2021-3702
was published
for
ansible-runner
(pip)
Aug 24, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
phpMyAdmin unsafely handles temporary files
High
CVE-2008-7252
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Insecure Temporary File in Jinja2
Moderate
CVE-2014-0012
was published
for
Jinja2
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API