Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,163 advisories

Loading
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security... High Unreviewed
CVE-2021-23892 was published May 24, 2022
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap... High Unreviewed
CVE-2019-3699 was published May 24, 2022
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap... High Unreviewed
CVE-2019-3697 was published May 24, 2022
Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability.... Low Unreviewed
CVE-2020-5324 was published May 24, 2022
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE... Moderate Unreviewed
CVE-2019-3698 was published May 24, 2022
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the... High Unreviewed
CVE-2020-10665 was published May 24, 2022
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points... Critical Unreviewed
CVE-2022-34960 was published Aug 26, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE... High Unreviewed
CVE-2020-8015 was published May 24, 2022
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink)... High Unreviewed
CVE-2020-15861 was published May 24, 2022
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root... Moderate Unreviewed
CVE-2020-24332 was published May 24, 2022
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed... Moderate Unreviewed
CVE-2020-6477 was published May 24, 2022
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6... High Unreviewed
CVE-2020-7346 was published May 24, 2022
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability... High Unreviewed
CVE-2020-9682 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed
CVE-2020-3437 was published May 24, 2022
A vulnerability in Trend Micro Apex One on macOS may allow an attacker to manipulate a certain... High Unreviewed
CVE-2020-24559 was published May 24, 2022
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files... Moderate Unreviewed
CVE-2018-21269 was published May 24, 2022
A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an... High Unreviewed
CVE-2020-24556 was published May 24, 2022
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the... Moderate Unreviewed
CVE-2020-24654 was published May 24, 2022
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated... High Unreviewed
CVE-2020-5795 was published May 24, 2022
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a... High Unreviewed
CVE-2020-23968 was published May 24, 2022
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7... Moderate Unreviewed
CVE-2020-7319 was published May 24, 2022
opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d... Moderate Unreviewed
CVE-2017-18925 was published May 24, 2022
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2... Critical Unreviewed
CVE-2020-25989 was published May 24, 2022
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an... Moderate Unreviewed
CVE-2020-5797 was published May 24, 2022
The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges... High Unreviewed
CVE-2020-35766 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database