Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

493 advisories

Loading
keycloak-httpd-client-install symlink attack vulnerability Moderate
CVE-2017-15111 was published for keycloak-httpd-client-install (pip) May 14, 2022
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file... Moderate Unreviewed
CVE-2018-19044 was published May 14, 2022
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user... Moderate Unreviewed
CVE-2017-7418 was published May 14, 2022
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is... Moderate Unreviewed
CVE-2018-6198 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10... Moderate Unreviewed
CVE-2017-2390 was published May 13, 2022
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure... Moderate Unreviewed
CVE-2016-9595 was published May 13, 2022
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an... Moderate Unreviewed
CVE-2017-12258 was published May 13, 2022
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to... Moderate Unreviewed
CVE-2018-17955 was published May 13, 2022
The main function in android_main.cpp in thermald allows local users to write to arbitrary files... Moderate Unreviewed
CVE-2014-2312 was published May 13, 2022
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha,... Moderate Unreviewed
CVE-2008-7247 was published May 13, 2022
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software,... Moderate Unreviewed
CVE-2016-10374 was published May 13, 2022
Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink... Moderate Unreviewed
CVE-2012-5303 was published May 13, 2022
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows... Moderate Unreviewed
CVE-2014-8585 was published May 13, 2022
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in... Moderate Unreviewed
CVE-2014-9512 was published May 13, 2022
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly... Moderate Unreviewed
CVE-2014-5045 was published May 13, 2022
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function... Moderate Unreviewed
CVE-2018-14335 was published May 13, 2022
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary... Moderate Unreviewed
CVE-2010-3879 was published May 13, 2022
Improper Link Resolution Before File Access in pip Moderate
CVE-2013-1888 was published for pip (pip) May 13, 2022
instack-undercloud vulnerable to symlink attack on tmp files Moderate
CVE-2017-7549 was published for instack-undercloud (pip) May 13, 2022
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files... Moderate Unreviewed
CVE-2014-3977 was published May 13, 2022
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the... Moderate Unreviewed
CVE-2017-9525 was published May 13, 2022
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd,... Moderate Unreviewed
CVE-2012-0871 was published May 13, 2022
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read)... Moderate Unreviewed
CVE-2017-16611 was published May 13, 2022
tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack... Moderate Unreviewed
CVE-2013-0350 was published May 5, 2022
In netdiag, there is a possible symbolic link following due to an improper link resolution. This... Moderate Unreviewed
CVE-2022-20085 was published May 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database