GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
405 advisories
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local,...
High | Unreviewed | CVE-2021-25261 was published Jun 16, 2022

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from...
High | Unreviewed | CVE-2022-2145 was published Jun 29, 2022

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure...
High | Unreviewed | CVE-2021-42056 was published Jun 25, 2022

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows...
High | Unreviewed | CVE-2022-31250 was published Jul 21, 2022

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user...
High | Unreviewed | CVE-2022-32450 was published Jul 19, 2022

An issue existed within the path validation logic for symlinks. This issue was addressed with...
High | Unreviewed | CVE-2020-10003 was published May 24, 2022

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to...
High | Unreviewed | CVE-2016-6253 was published May 17, 2022

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which...
High | Unreviewed | CVE-2020-7040 was published May 24, 2022

zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain...
High | Unreviewed | CVE-2015-6566 was published May 17, 2022

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk...
High | Unreviewed | CVE-2015-1338 was published May 17, 2022

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux...
High | Unreviewed | CVE-2019-18897 was published May 24, 2022

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local...
High | Unreviewed | CVE-2019-3692 was published May 24, 2022

Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation...
High | Unreviewed | CVE-2013-0927 was published May 17, 2022

mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink...
High | Unreviewed | CVE-2008-5155 was published May 17, 2022

src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite...
High | Unreviewed | CVE-2008-5704 was published May 17, 2022

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point...
High | Unreviewed | CVE-2019-8452 was published May 24, 2022

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta ...
High | Unreviewed | CVE-2019-12571 was published May 24, 2022

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux...
High | Unreviewed | CVE-2019-12573 was published May 24, 2022

The chkstat tool in the permissions package followed symlinks before commit...
High | Unreviewed | CVE-2019-3690 was published May 24, 2022

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free...
High | Unreviewed | CVE-2022-36336 was published Jul 31, 2022

By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security...
High | Unreviewed | CVE-2021-23892 was published May 24, 2022

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap...
High | Unreviewed | CVE-2019-3699 was published May 24, 2022

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap...
High | Unreviewed | CVE-2019-3697 was published May 24, 2022

When resolving a symlink such as file:///proc/self/fd/1, an error message may be...
High | Unreviewed | CVE-2022-45412 was published Dec 22, 2022

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the...
High | Unreviewed | CVE-2020-10665 was published May 24, 2022