GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
458 advisories
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in...
Moderate | Unreviewed | CVE-2014-9512 was published on May 13, 2022

Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Moderate | CVE-2020-26277 was published for github.com/datacharmer/dbdeployer (Go) on Feb 12, 2022

FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary...
Moderate | Unreviewed | CVE-2010-3879 was published on May 13, 2022

Moderate severity vulnerability that affects org.springframework.boot:spring-boot
Moderate | CVE-2018-1196 was published for org.springframework.boot:spring-boot (Maven) on Oct 18, 2018

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files...
Moderate | Unreviewed | CVE-2014-3977 was published on May 13, 2022

Arbitrary File Read in Snyk Broker
Moderate | CVE-2020-7653 was published for snyk-broker (npm) on Jun 3, 2020

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the...
Moderate | Unreviewed | CVE-2017-9525 was published on May 13, 2022

The session_link_x11_socket function in login/#d-session.c in systemd-logind in systemd,...
Moderate | Unreviewed | CVE-2012-0871 was published on May 13, 2022

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read)...
Moderate | Unreviewed | CVE-2017-16611 was published on May 13, 2022

tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack...
Moderate | Unreviewed | CVE-2013-0350 was published on May 5, 2022

In aee daemon, there is a possible information disclosure due to symbolic link following. This...
Moderate | Unreviewed | CVE-2022-20103 was published on May 4, 2022

In netdiag, there is a possible symbolic link following due to an improper link resolution. This...
Moderate | Unreviewed | CVE-2022-20085 was published on May 4, 2022

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to...
Moderate | Unreviewed | CVE-2007-5805 was published on May 3, 2022

BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on...
Moderate | Unreviewed | CVE-2002-0824 was published on May 3, 2022

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10...
Moderate | Unreviewed | CVE-2010-0832 was published on May 2, 2022

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4...
Moderate | Unreviewed | CVE-2010-0787 was published on May 2, 2022

ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or...
Moderate | Unreviewed | CVE-2010-0788 was published on May 2, 2022

Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive...
Moderate | Unreviewed | CVE-2010-0439 was published on May 2, 2022

The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf...
Moderate | Unreviewed | CVE-2009-5023 was published on May 2, 2022

JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a...
Moderate | Unreviewed | CVE-2009-1526 was published on May 2, 2022

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the...
Moderate | Unreviewed | CVE-2009-2939 was published on May 2, 2022

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2,...
Moderate | Unreviewed | CVE-2009-1867 was published on May 2, 2022

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE...
Moderate | Unreviewed | CVE-2009-4030 was published on May 2, 2022

Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756...
Moderate | Unreviewed | CVE-2009-0473 was published on May 2, 2022

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2)...
Moderate | Unreviewed | CVE-2009-0356 was published on May 2, 2022

ProTip! Advisories are also available from the GraphQL API.