Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,101
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
885
Swift
37
Unreviewed advisories
All unreviewed
5,000+

421 advisories

Loading
Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly... High Unreviewed
CVE-2017-8108 was published May 13, 2022
SoSReport Predictable Tmp File Names High
CVE-2015-7529 was published for sosreport (pip) May 13, 2022
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp... High Unreviewed
CVE-2014-3219 was published May 13, 2022
Ansible Sandbox Escape via Symlink Attack High
CVE-2015-6240 was published for ansible (pip) May 13, 2022
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to... High Unreviewed
CVE-2015-1335 was published May 14, 2022
Mercurial missing symlink check High
CVE-2017-1000115 was published for mercurial (pip) May 14, 2022
Numpy arbitrary file write via symlink attack High
CVE-2014-1859 was published for numpy (pip) May 14, 2022
jhutchings1
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and... High Unreviewed
CVE-2018-14651 was published May 14, 2022
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple... High Unreviewed
CVE-2014-4480 was published May 14, 2022
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows... High Unreviewed
CVE-2019-8372 was published May 14, 2022
The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and... High Unreviewed
CVE-2018-6557 was published May 14, 2022
Improper Link Resolution Before File Access in logilab-commons High
CVE-2014-1838 was published for logilab-common (pip) May 14, 2022
Denial of service via crafting malicious link and sending it to a privileged user can cause... High Unreviewed
CVE-2018-15351 was published May 14, 2022
/bin/# in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows... High Unreviewed
CVE-2008-5394 was published May 14, 2022
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE:... High Unreviewed
CVE-2015-7724 was published May 14, 2022
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. High Unreviewed
CVE-2015-7723 was published May 14, 2022
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs... High Unreviewed
CVE-2018-13054 was published May 14, 2022
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6... High Unreviewed
CVE-2016-9774 was published May 14, 2022
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges... High Unreviewed
CVE-2018-10722 was published May 14, 2022
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary... High Unreviewed
CVE-2018-10380 was published May 14, 2022
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have... High Unreviewed
CVE-2015-3315 was published May 14, 2022
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package... High Unreviewed
CVE-2013-4364 was published May 14, 2022
Syncthing vulnerable to symlink traversal and arbitrary file overwrite High
CVE-2017-1000420 was published for github.com/syncthing/syncthing (Go) May 14, 2022
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or... High Unreviewed
CVE-2016-3108 was published May 14, 2022
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link... High Unreviewed
CVE-2022-30523 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database