Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,101
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
885
Swift
37
Unreviewed advisories
All unreviewed
5,000+

452 advisories

Loading
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account... Moderate Unreviewed
CVE-2020-8585 was published May 24, 2022
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on... Moderate Unreviewed
CVE-2020-4966 was published May 24, 2022
Arbitrary file read vulnerability in workspace browsers in Jenkins Moderate
CVE-2021-21602 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could... Moderate Unreviewed
CVE-2021-1145 was published May 24, 2022
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including... Moderate Unreviewed
CVE-2020-28935 was published May 24, 2022
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an... Moderate Unreviewed
CVE-2020-5797 was published May 24, 2022
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files... Moderate Unreviewed
CVE-2018-21269 was published May 24, 2022
opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d... Moderate Unreviewed
CVE-2017-18925 was published May 24, 2022
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7... Moderate Unreviewed
CVE-2020-7319 was published May 24, 2022
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the... Moderate Unreviewed
CVE-2020-24654 was published May 24, 2022
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root... Moderate Unreviewed
CVE-2020-24332 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed
CVE-2020-3437 was published May 24, 2022
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of... Moderate Unreviewed
CVE-2020-14004 was published May 24, 2022
A vulnerability in the Cisco Application Framework component of the Cisco IOx application... Moderate Unreviewed
CVE-2020-3237 was published May 24, 2022
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an... Moderate Unreviewed
CVE-2020-3223 was published May 24, 2022
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed... Moderate Unreviewed
CVE-2020-6477 was published May 24, 2022
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE... Moderate Unreviewed
CVE-2019-3698 was published May 24, 2022
Kevin Backhouse discovered that apport would read a user-supplied configuration file with... Moderate Unreviewed
CVE-2019-11481 was published May 24, 2022
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports... Moderate Unreviewed
CVE-2015-3147 was published May 24, 2022
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A... Moderate Unreviewed
CVE-2019-3750 was published May 24, 2022
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to... Moderate Unreviewed
CVE-2019-18645 was published May 24, 2022
Podman Symlink Vulnerability Moderate
CVE-2019-18466 was published for github.com/containers/podman/v4 (Go) May 24, 2022
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming... Moderate Unreviewed
CVE-2019-11230 was published May 24, 2022
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than... Moderate Unreviewed
CVE-2019-13636 was published May 24, 2022
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper:... Moderate Unreviewed
CVE-2019-13229 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database