GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
452 advisories
A validation issue existed in the handling of symlinks. This issue was addressed with improved...
Moderate | Unreviewed | CVE-2022-22582 was published Feb 27, 2023
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local...
Moderate | Unreviewed | CVE-2023-23558 was published Feb 16, 2023
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the...
Moderate | Unreviewed | CVE-2022-42291 was published Feb 7, 2023
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary...
Moderate | Unreviewed | CVE-2012-4455 was published May 17, 2022
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain...
Moderate | Unreviewed | CVE-2009-4135 was published May 2, 2022
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete...
Moderate | Unreviewed | CVE-2013-6456 was published May 17, 2022
There is an open race window when writing output in the following utilities in GNU binutils...
Moderate | Unreviewed | CVE-2021-20197 was published May 24, 2022
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5...
Moderate | Unreviewed | CVE-2013-2029 was published May 17, 2022
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local,...
Moderate | Unreviewed | CVE-2018-1063 was published May 14, 2022
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib...
Moderate | Unreviewed | CVE-2014-3486 was published May 17, 2022
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users...
Moderate | Unreviewed | CVE-2012-3440 was published May 17, 2022
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1,...
Moderate | Unreviewed | CVE-2013-4214 was published May 17, 2022
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise...
Moderate | Unreviewed | CVE-2009-1893 was published May 2, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate | CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before...
Moderate | Unreviewed | CVE-2011-1384 was published May 17, 2022
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local...
Moderate | Unreviewed | CVE-2011-2473 was published May 17, 2022
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other...
Moderate | Unreviewed | CVE-2014-4199 was published May 17, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent...
Moderate | Unreviewed | CVE-2021-20153 was published Dec 31, 2021
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
Moderate | Unreviewed | CVE-2015-3211 was published May 17, 2022
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to...
Moderate | Unreviewed | CVE-2015-5701 was published May 17, 2022
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
Moderate | Unreviewed | CVE-2015-1038 was published May 17, 2022
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack...
Moderate | Unreviewed | CVE-2008-4993 was published May 17, 2022
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the...
Moderate | Unreviewed | CVE-2008-5377 was published May 17, 2022
Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to...
Moderate | Unreviewed | CVE-2008-5742 was published May 17, 2022
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in...
Moderate | Unreviewed | CVE-2008-5706 was published May 17, 2022