GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,740
Composer 4,239
Erlang 31
GitHub Actions 21
Go 2,007
Maven 5,196
npm 3,716
NuGet 662
pip 3,388
Pub 11
RubyGems 885
Rust 851
Swift 36

Unreviewed advisories

All unreviewed 235,757

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

927 advisories

Filter by severity

Sort by

Least recently updated

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. Moderate Unreviewed

CVE-2022-38482 was published Jan 10, 2023

A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and... High Unreviewed

CVE-2022-45798 was published Dec 24, 2022

When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be... High Unreviewed

CVE-2022-45412 was published Dec 22, 2022

A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical.... High Unreviewed

CVE-2022-4563 was published Dec 21, 2022

Certain HP Print products and Digital Sending products may be vulnerable to potential remote code... Critical Unreviewed

CVE-2021-3942 was published Dec 12, 2022

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended... High Unreviewed

CVE-2009-1143 was published Nov 23, 2022

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a... Moderate Unreviewed

CVE-2009-1142 was published Nov 23, 2022

Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed

CVE-2022-44747 was published Nov 8, 2022

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... High Unreviewed

CVE-2022-32905 was published Nov 2, 2022

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as... High Unreviewed

CVE-2022-41973 was published Oct 29, 2022

A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called... High Unreviewed

CVE-2022-31256 was published Oct 26, 2022

Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by... High Unreviewed

CVE-2022-42725 was published Oct 10, 2022

Armoury Crate Service’s logging function has insufficient validation to check if the log file is... Moderate Unreviewed

CVE-2022-38699 was published Sep 29, 2022

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security... High Unreviewed

CVE-2022-40710 was published Sep 29, 2022

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission... Critical Unreviewed

CVE-2022-23144 was published Sep 25, 2022

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with... High Unreviewed

CVE-2022-34893 was published Sep 20, 2022

A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro... High Unreviewed

CVE-2022-40143 was published Sep 20, 2022

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed

CVE-2022-0029 was published Sep 15, 2022

In vow, there is a possible information disclosure due to a symbolic link following. This could... Moderate Unreviewed

CVE-2022-26456 was published Sep 7, 2022

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... High Unreviewed

CVE-2022-2897 was published Sep 1, 2022

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... Moderate Unreviewed

CVE-2022-2898 was published Sep 1, 2022

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only... High Unreviewed

CVE-2021-35939 was published Aug 27, 2022

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points... Critical Unreviewed

CVE-2022-34960 was published Aug 26, 2022

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to... Moderate Unreviewed

CVE-2021-35937 was published Aug 26, 2022

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and... High Unreviewed

CVE-2021-35938 was published Aug 26, 2022

Previous 1 2 … 6 7 8 9 10 … 37 38 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

927 advisories