Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,196 advisories

Loading
Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed
CVE-2022-44747 was published Nov 8, 2022
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... High Unreviewed
CVE-2022-32905 was published Nov 2, 2022
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as... High Unreviewed
CVE-2022-41973 was published Oct 29, 2022
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called... High Unreviewed
CVE-2022-31256 was published Oct 26, 2022
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by... High Unreviewed
CVE-2022-42725 was published Oct 10, 2022
Armoury Crate Service’s logging function has insufficient validation to check if the log file is... Moderate Unreviewed
CVE-2022-38699 was published Sep 29, 2022
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security... High Unreviewed
CVE-2022-40710 was published Sep 29, 2022
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission... Critical Unreviewed
CVE-2022-23144 was published Sep 25, 2022
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with... High Unreviewed
CVE-2022-34893 was published Sep 20, 2022
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro... High Unreviewed
CVE-2022-40143 was published Sep 20, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
martin-ocasek
Credited to martin-ocasek
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
Credited to pietroalbini and litios
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed
CVE-2022-0029 was published Sep 15, 2022
In vow, there is a possible information disclosure due to a symbolic link following. This could... Moderate Unreviewed
CVE-2022-26456 was published Sep 7, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... Moderate Unreviewed
CVE-2022-2898 was published Sep 1, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... High Unreviewed
CVE-2022-2897 was published Sep 1, 2022
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only... High Unreviewed
CVE-2021-35939 was published Aug 27, 2022
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points... Critical Unreviewed
CVE-2022-34960 was published Aug 26, 2022
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and... High Unreviewed
CVE-2021-35938 was published Aug 26, 2022
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to... Moderate Unreviewed
CVE-2021-35937 was published Aug 26, 2022
An improper link resolution flaw can occur while extracting an archive leading to changing modes,... High Unreviewed
CVE-2021-31566 was published Aug 24, 2022
An improper link resolution flaw while extracting an archive can lead to changing the access... High Unreviewed
CVE-2021-23177 was published Aug 24, 2022
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free... High Unreviewed
CVE-2022-36336 was published Jul 31, 2022
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable... Moderate Unreviewed
CVE-2022-35631 was published Jul 30, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows... High Unreviewed
CVE-2022-31250 was published Jul 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database