Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,163 advisories

Loading
SoSReport Predictable Tmp File Names High
CVE-2015-7529 was published for sosreport (pip) May 13, 2022
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp... High Unreviewed
CVE-2014-3219 was published May 13, 2022
Ansible Sandbox Escape via Symlink Attack High
CVE-2015-6240 was published for ansible (pip) May 13, 2022
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user... Moderate Unreviewed
CVE-2017-7418 was published May 14, 2022
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file... Moderate Unreviewed
CVE-2018-19044 was published May 14, 2022
keycloak-httpd-client-install symlink attack vulnerability Moderate
CVE-2017-15111 was published for keycloak-httpd-client-install (pip) May 14, 2022
Puppet arbitrary file overwrite Moderate
CVE-2011-3869 was published for puppet (RubyGems) May 14, 2022
Puppet allows local users to modify the permissions of arbitrary files Moderate
CVE-2011-3870 was published for puppet (RubyGems) May 14, 2022
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to... High Unreviewed
CVE-2015-1335 was published May 14, 2022
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink... Moderate Unreviewed
CVE-2015-1331 was published May 14, 2022
Mercurial missing symlink check High
CVE-2017-1000115 was published for mercurial (pip) May 14, 2022
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local... Moderate Unreviewed
CVE-2018-19637 was published May 14, 2022
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an... Moderate Unreviewed
CVE-2018-19638 was published May 14, 2022
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of... Moderate Unreviewed
CVE-2013-1976 was published May 14, 2022
Improper Link Resolution Before File Access in Suds Moderate
CVE-2013-2217 was published for suds (pip) May 14, 2022
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on... Moderate Unreviewed
CVE-2013-2561 was published May 14, 2022
Numpy arbitrary file write via symlink attack High
CVE-2014-1859 was published for numpy (pip) May 14, 2022
jhutchings1
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and... High Unreviewed
CVE-2018-14651 was published May 14, 2022
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10... Moderate Unreviewed
CVE-2016-4679 was published May 14, 2022
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple... High Unreviewed
CVE-2014-4480 was published May 14, 2022
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to... Low Unreviewed
CVE-2014-4372 was published May 14, 2022
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local... Moderate Unreviewed
CVE-2014-1272 was published May 14, 2022
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability Critical
CVE-2018-12026 was published for passenger (RubyGems) May 14, 2022
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows... High Unreviewed
CVE-2019-8372 was published May 14, 2022
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the... High Unreviewed
CVE-2016-9566 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database