Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,318
Erlang
31
GitHub Actions
21
Go
2,074
Maven
5,000+
npm
3,746
NuGet
674
pip
3,434
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

417 advisories

Loading
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and... High Unreviewed
CVE-2021-35938 was published Aug 26, 2022
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer)... High Unreviewed
CVE-2021-44023 was published Dec 17, 2021
NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which... High Unreviewed
CVE-2019-5665 was published May 13, 2022
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is... High Unreviewed
CVE-2019-5674 was published May 13, 2022
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC)... High Unreviewed
CVE-2019-0841 was published May 13, 2022
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly... High Unreviewed
CVE-2019-0572 was published May 13, 2022
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly... High Unreviewed
CVE-2019-0574 was published May 13, 2022
Directory Traversal in Archive_Tar High
CVE-2021-32610 was published for pear/archive_tar (Composer) Aug 9, 2021
Link Following in Kata Runtime High
CVE-2020-2026 was published for github.com/kata-containers/runtime (Go) Feb 15, 2022
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory... High Unreviewed
CVE-2018-12015 was published May 13, 2022
Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS... High Unreviewed
CVE-2018-11637 was published May 13, 2022
Remote Code Execution in SCIMono High
CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) Feb 10, 2021
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the... High Unreviewed
CVE-2019-8455 was published May 13, 2022
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14;... High Unreviewed
CVE-2016-6664 was published May 13, 2022
Arbitrary File Write in npm High
CVE-2019-16775 was published for npm (npm) Dec 13, 2019
DanielRuf
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when... High Unreviewed
CVE-2017-7501 was published May 13, 2022
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on... High Unreviewed
CVE-2017-18078 was published May 13, 2022
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6... High Unreviewed
CVE-2016-1247 was published May 13, 2022
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path... High Unreviewed
CVE-2018-6954 was published May 13, 2022
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink... High Unreviewed
CVE-2018-10928 was published May 13, 2022
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for... High Unreviewed
CVE-2022-23742 was published May 13, 2022
An improper link resolution before file access ('Link Following') vulnerability has been reported... High Unreviewed
CVE-2021-44052 was published May 6, 2022
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1... High Unreviewed
CVE-2013-0159 was published May 5, 2022
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs... High Unreviewed
CVE-2004-0967 was published May 3, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended... High Unreviewed
CVE-2009-1143 was published Nov 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database