Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,196 advisories

Loading
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple... High Unreviewed
CVE-2014-4480 was published May 14, 2022
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10... Moderate Unreviewed
CVE-2016-4679 was published May 14, 2022
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and... High Unreviewed
CVE-2018-14651 was published May 14, 2022
Numpy arbitrary file write via symlink attack High
CVE-2014-1859 was published for numpy (pip) May 14, 2022
jhutchings1
Credited to jhutchings1
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on... Moderate Unreviewed
CVE-2013-2561 was published May 14, 2022
Improper Link Resolution Before File Access in Suds Moderate
CVE-2013-2217 was published for suds (pip) May 14, 2022
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of... Moderate Unreviewed
CVE-2013-1976 was published May 14, 2022
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an... Moderate Unreviewed
CVE-2018-19638 was published May 14, 2022
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local... Moderate Unreviewed
CVE-2018-19637 was published May 14, 2022
Mercurial missing symlink check High
CVE-2017-1000115 was published for mercurial (pip) May 14, 2022
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink... Moderate Unreviewed
CVE-2015-1331 was published May 14, 2022
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to... High Unreviewed
CVE-2015-1335 was published May 14, 2022
Puppet arbitrary file overwrite Moderate
CVE-2011-3869 was published for puppet (RubyGems) May 14, 2022
Puppet allows local users to modify the permissions of arbitrary files Moderate
CVE-2011-3870 was published for puppet (RubyGems) May 14, 2022
keycloak-httpd-client-install symlink attack vulnerability Moderate
CVE-2017-15111 was published for keycloak-httpd-client-install (pip) May 14, 2022
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file... Moderate Unreviewed
CVE-2018-19044 was published May 14, 2022
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user... Moderate Unreviewed
CVE-2017-7418 was published May 14, 2022
Ansible Sandbox Escape via Symlink Attack High
CVE-2015-6240 was published for ansible (pip) May 13, 2022
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp... High Unreviewed
CVE-2014-3219 was published May 13, 2022
SoSReport Predictable Tmp File Names High
CVE-2015-7529 was published for sosreport (pip) May 13, 2022
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is... Moderate Unreviewed
CVE-2018-6198 was published May 13, 2022
Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly... High Unreviewed
CVE-2017-8108 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10... High Unreviewed
CVE-2017-6981 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10... Moderate Unreviewed
CVE-2017-2390 was published May 13, 2022
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service... High Unreviewed
CVE-2015-0796 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database