GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,201 advisories
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files...
Low | Unreviewed | CVE-2014-3537 was published May 17, 2022
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local,...
Moderate | Unreviewed | CVE-2018-1063 was published May 14, 2022
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib...
Moderate | Unreviewed | CVE-2014-3486 was published May 17, 2022
The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly ...
Low | Unreviewed | CVE-2008-4579 was published May 2, 2022
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users...
Moderate | Unreviewed | CVE-2012-3440 was published May 17, 2022
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or...
High | Unreviewed | CVE-2016-3108 was published May 14, 2022
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise...
Moderate | Unreviewed | CVE-2009-1893 was published May 2, 2022
fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify...
High | Unreviewed | CVE-2008-4580 was published May 2, 2022
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following
High | CVE-2023-25152 was published for github.com/pterodactyl/wings (Go) Feb 8, 2023
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE SUSE Linux...
High | Unreviewed | CVE-2019-3691 was published May 24, 2022
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory...
Low | Unreviewed | CVE-2020-6012 was published May 24, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate | CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
Unsafe tar unpacking in HashiCorp go-slug
High | CVE-2020-29529 was published for github.com/hashicorp/go-slug (Go) Feb 6, 2023
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before...
Moderate | Unreviewed | CVE-2011-1384 was published May 17, 2022
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow...
Low | Unreviewed | CVE-2011-1920 was published May 17, 2022
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend...
High | Unreviewed | CVE-2022-24680 was published Feb 25, 2022
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend...
High | Unreviewed | CVE-2022-24679 was published Feb 25, 2022
ROG Live Service’s function for deleting temp files created by installation has an improper link...
High | Unreviewed | CVE-2022-22262 was published Mar 2, 2022
A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150...
High | Unreviewed | CVE-2022-24671 was published Feb 25, 2022
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission...
Critical | Unreviewed | CVE-2022-23144 was published Sep 25, 2022
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker...
High | Unreviewed | CVE-2021-44730 was published Feb 19, 2022
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local...
Moderate | Unreviewed | CVE-2011-2473 was published May 17, 2022
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite...
Low | Unreviewed | CVE-2011-2533 was published May 17, 2022
An improper link resolution before file access ('link following') vulnerability exists in the...
High | Unreviewed | CVE-2022-0017 was published Feb 11, 2022
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink...
Low | Unreviewed | CVE-2012-2093 was published May 17, 2022