Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

296 advisories

Loading
devise Time-of-check Time-of-use Race Condition vulnerability Moderate
CVE-2019-5421 was published for devise (RubyGems) Mar 19, 2019
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs High
CVE-2021-30465 was published for github.com/opencontainers/runc (Go) May 25, 2021
champtar
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem Critical
CVE-2021-32708 was published for league/flysystem (Composer) Jun 29, 2021
stevenseeley
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard Moderate
CVE-2020-8867 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Aug 2, 2021
Memory safety violation in crayon High
CVE-2020-35889 was published for crayon (Rust) Aug 25, 2021
Miner fails to get block template when a cell used as a cell dep has been destroyed. High
GHSA-v666-6w97-pcwm was published for ckb (Rust) Aug 25, 2021
An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a... High Unreviewed
CVE-2021-42835 was published Dec 9, 2021
A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and... Moderate Unreviewed
CVE-2021-4001 was published Jan 22, 2022
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all... Moderate Unreviewed
CVE-2022-23029 was published Jan 26, 2022
Race condition in Apache Tomcat High
CVE-2022-23181 was published for org.apache.tomcat:tomcat (Maven) Feb 1, 2022
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
enj
TOCTOU Race Condition in Yarn Moderate
CVE-2019-15608 was published for yarn (npm) Feb 9, 2022
Insecure temporary file in Tensorflow High
CVE-2022-23563 was published for tensorflow (pip) Feb 9, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr Low
CVE-2017-18869 was published for chownr (npm) Feb 10, 2022
tdunlap607
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way... High Unreviewed
CVE-2021-22043 was published Feb 17, 2022
b2-sdk-python TOCTOU application key disclosure Moderate
CVE-2022-23651 was published for b2sdk (pip) Feb 24, 2022
janschejbal
B2 Command Line Tool TOCTOU application key disclosure Moderate
CVE-2022-23653 was published for b2 (pip) Feb 24, 2022
janschejbal
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race... High Unreviewed
CVE-2022-24335 was published Feb 26, 2022
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for... Moderate Unreviewed
CVE-2022-0280 was published Mar 12, 2022
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability... Low Unreviewed
CVE-2022-24413 was published Apr 13, 2022
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for... High Unreviewed
CVE-2022-0915 was published Apr 13, 2022
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the... Moderate Unreviewed
CVE-2022-25165 was published Apr 15, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running... High Unreviewed
CVE-2022-28743 was published Apr 22, 2022
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged... High Unreviewed
CVE-2011-4126 was published Apr 22, 2022
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and... Moderate Unreviewed
CVE-2012-5630 was published Apr 23, 2022
ProTip! Advisories are also available from the GraphQL API