Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,318
Erlang
31
GitHub Actions
21
Go
2,074
Maven
5,000+
npm
3,746
NuGet
674
pip
3,434
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

417 advisories

Loading
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with... High Unreviewed
CVE-2022-34893 was published Sep 20, 2022
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro... High Unreviewed
CVE-2022-40143 was published Sep 20, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... High Unreviewed
CVE-2022-2897 was published Sep 1, 2022
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only... High Unreviewed
CVE-2021-35939 was published Aug 27, 2022
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and... High Unreviewed
CVE-2021-35938 was published Aug 26, 2022
An improper link resolution flaw while extracting an archive can lead to changing the access... High Unreviewed
CVE-2021-23177 was published Aug 24, 2022
An improper link resolution flaw can occur while extracting an archive leading to changing modes,... High Unreviewed
CVE-2021-31566 was published Aug 24, 2022
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free... High Unreviewed
CVE-2022-36336 was published Jul 31, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows... High Unreviewed
CVE-2022-31250 was published Jul 21, 2022
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user... High Unreviewed
CVE-2022-32450 was published Jul 19, 2022
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from... High Unreviewed
CVE-2022-2145 was published Jun 29, 2022
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure... High Unreviewed
CVE-2021-42056 was published Jun 25, 2022
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a... High Unreviewed
CVE-2022-31217 was published Jun 16, 2022
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a... High Unreviewed
CVE-2022-31219 was published Jun 16, 2022
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a... High Unreviewed
CVE-2022-31218 was published Jun 16, 2022
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a... High Unreviewed
CVE-2022-31216 was published Jun 16, 2022
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local,... High Unreviewed
CVE-2022-28225 was published Jun 16, 2022
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local,... High Unreviewed
CVE-2021-25261 was published Jun 16, 2022
Link Following in Deno High
CVE-2021-41641 was published for deno (Rust) Jun 13, 2022
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could... High Unreviewed
CVE-2022-30687 was published May 28, 2022
A validation issue existed in the handling of symlinks and was addressed with improved validation... High Unreviewed
CVE-2022-26704 was published May 27, 2022
Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. High Unreviewed
CVE-2013-4655 was published May 24, 2022
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions... High Unreviewed
CVE-2019-1385 was published May 24, 2022
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite... High Unreviewed
CVE-2021-41057 was published May 24, 2022
Windows Installer Elevation of Privilege Vulnerability High Unreviewed
CVE-2021-41379 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database