GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
2 advisories
sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows
Moderate
CVE-2026-32948
was published
for
org.scala-sbt:sbt
(Maven)
Mar 24, 2026
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)
Low
CVE-2023-46122
was published
for
org.scala-sbt:io_2.12
(Maven)
Oct 24, 2023
ProTip!
Advisories are also available from the
GraphQL API