GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,618
Composer 5,007
Erlang 39
GitHub Actions 38
Go 2,640
Maven 6,105
npm 4,265
NuGet 760
pip 4,060
Pub 12
RubyGems 956
Rust 1,057
Swift 45

Unreviewed advisories

All unreviewed 277,077

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,201 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

In Avast Antivirus before 19.4, a local administrator can trick the product into renaming... Moderate Unreviewed

CVE-2019-11230 was published May 24, 2022

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than... Moderate Unreviewed

CVE-2019-13636 was published May 24, 2022

deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper:... Moderate Unreviewed

CVE-2019-13229 was published May 24, 2022

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to... Moderate Unreviewed

CVE-2019-13228 was published May 24, 2022

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone... Moderate Unreviewed

CVE-2019-13227 was published May 24, 2022

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename>... High Unreviewed

CVE-2019-13226 was published May 24, 2022

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because... High Unreviewed

CVE-2019-12779 was published May 24, 2022

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico... High Unreviewed

CVE-2019-12209 was published May 24, 2022

In some configurations an attacker can inject a new executable path into the extensions.load file... High Unreviewed

CVE-2019-3567 was published May 24, 2022

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100... High Unreviewed

CVE-2019-9949 was published May 24, 2022

Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R)... High Unreviewed

CVE-2019-0086 was published May 24, 2022

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security... High Unreviewed

CVE-2019-8454 was published May 24, 2022

snap-confine as included in snapd before 2.39 did not guard against symlink races when performing... High Unreviewed

CVE-2019-11503 was published May 24, 2022

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid... High Unreviewed

CVE-2019-11502 was published May 24, 2022

Pacemaker before 1.1.6 configure script creates temporary files insecurely Moderate Unreviewed

CVE-2011-5271 was published Apr 23, 2022

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local... High Unreviewed

CVE-2011-3632 was published Apr 22, 2022

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system... High Unreviewed

CVE-2011-3351 was published Apr 22, 2022

foomatic-rip filter, all versions, used insecurely creates temporary files for storage of... Moderate Unreviewed

CVE-2011-2923 was published Apr 22, 2022

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of... Moderate Unreviewed

CVE-2011-2924 was published Apr 22, 2022

Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks Low Unreviewed

CVE-2013-4184 was published May 5, 2022

Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files High

CVE-2024-29188 was published for WixToolset.Util.wixext (NuGet) Mar 25, 2024

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX... High Unreviewed

CVE-2019-11538 was published May 24, 2022

The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via... Moderate Unreviewed

CVE-2010-0398 was published Apr 21, 2022

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security... High Unreviewed

CVE-2022-40710 was published Sep 29, 2022

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete... High Unreviewed

CVE-2023-28892 was published Mar 29, 2023

Previous 1…18…49 Next

Previous 1 2 … 16 17 18 19 20 … 48 49 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,201 advisories