Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

47 advisories

Loading
Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases Low
CVE-2026-53759 was published for linuxfabrik-lib (pip) Jul 6, 2026
OoYo0uto Credited to OoYo0uto
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp Low
CVE-2026-35342 was published for uu_mktemp (Rust) Jul 6, 2026
Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory Moderate
CVE-2026-40979 was published for org.springframework.ai:spring-ai-transformers (Maven) Apr 28, 2026
Spring Boot accepts predictable temp directory without ownership verification High
CVE-2026-40973 was published for org.springframework.boot:spring-boot (Maven) Apr 28, 2026
Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable Low
GHSA-2cxp-xq3c-mjxx was published for coreutils (Rust) Apr 22, 2026 withdrawn
poetry-plugin-tweak-dependencies-version affected by CVE-2026-25645 Moderate
GHSA-5qvp-pr9f-2g2v was published for poetry-plugin-tweak-dependencies-version (pip) Apr 1, 2026
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function Moderate
CVE-2026-25645 was published for requests (pip) Mar 25, 2026
Jaycelation Credited to Jaycelation, nateprewitt, and sigmavirus24 nateprewitt nateprewitt
sigmavirus24 sigmavirus24
Judel777 Credited to Judel777
Robocode has an insecure temporary file creation vulnerability in the AutoExtract component Critical
CVE-2025-14307 was published for net.sf.robocode:robocode.battle (Maven) Dec 9, 2025
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality Moderate
CVE-2025-66625 was published for Umbraco.Cms (NuGet) Dec 9, 2025
llama-index has Insecure Temporary File High
CVE-2025-7707 was published for llama-index (pip) Oct 13, 2025
Insecure Temporary File usage in github.com/golang/glog Moderate
CVE-2024-45339 was published for github.com/golang/glog (Go) Jan 28, 2025
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
Jenkins temporary uploaded file created with insecure permissions Low
CVE-2023-43498 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
Active Support Possibly Discloses Locally Encrypted Files Moderate
CVE-2023-38037 was published for activesupport (RubyGems) Aug 23, 2023
Insecure Temporary File in HuTool High
CVE-2023-33695 was published for cn.hutool:hutool-core (Maven) Jun 13, 2023
transformers has Insecure Temporary File Moderate
CVE-2023-2800 was published for transformers (pip) May 18, 2023
sfblackl-intel Credited to sfblackl-intel
Java Merge-sort Insecure Temporary File vulnerability Moderate
CVE-2022-24913 was published for com.fasterxml.util:java-merge-sort (Maven) Jan 12, 2023
globalpom-utils has Insecure Temporary File Critical
CVE-2018-25068 was published for com.anrisoftware.globalpom:globalpomutils (Maven) Jan 6, 2023
ManyDesigns Portofino subject to creation of insecure temporary file High
CVE-2022-3952 was published for com.manydesigns:portofino (Maven) Nov 11, 2022
ansible-runner vulnerable to Race Condition Moderate
CVE-2021-3702 was published for ansible-runner (pip) Aug 24, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot High
CVE-2022-27772 was published for org.springframework.boot:spring-boot (Maven) Jul 11, 2022
trgpa Credited to trgpa and JLLeitschuh JLLeitschuh JLLeitschuh
phpMyAdmin unsafely handles temporary files High
CVE-2008-7252 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Insecure Temporary File in Jinja2 Moderate
CVE-2014-0012 was published for Jinja2 (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API