GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,163 advisories
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on...
High | Unreviewed | CVE-2017-18078 was published May 13, 2022

Arbitrary File Read in Snyk Broker
Moderate | CVE-2020-7653 was published for snyk-broker (npm) Jun 3, 2020

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server...
Low | Unreviewed | CVE-2020-8013 was published May 24, 2022

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to...
Low | Unreviewed | CVE-2014-5459 was published May 13, 2022

Moderate severity vulnerability that affects org.springframework.boot:spring-boot
Moderate | CVE-2018-1196 was published for org.springframework.boot:spring-boot (Maven) Oct 18, 2018

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the...
High | Unreviewed | CVE-2019-8455 was published May 13, 2022

modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2...
Low | Unreviewed | CVE-2015-0794 was published May 13, 2022

Directory exposure in jetty
Low | CVE-2021-28163 was published for org.eclipse.jetty:jetty-deploy (Maven) Apr 6, 2021

Remote Code Execution in SCIMono
High | CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) Feb 10, 2021

Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS...
High | Unreviewed | CVE-2018-11637 was published May 13, 2022

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory...
High | Unreviewed | CVE-2018-12015 was published May 13, 2022

Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Moderate | CVE-2020-26277 was published for github.com/datacharmer/dbdeployer (Go) Feb 12, 2022

Link Following in Kata Runtime
High | CVE-2020-2026 was published for github.com/kata-containers/runtime (Go) Feb 15, 2022

Directory Traversal in Archive_Tar
High | CVE-2021-32610 was published for pear/archive_tar (Composer) Aug 9, 2021

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly...
High | Unreviewed | CVE-2019-0572 was published May 13, 2022

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly...
High | Unreviewed | CVE-2019-0574 was published May 13, 2022

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is...
High | Unreviewed | CVE-2019-5674 was published May 13, 2022

A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer)...
High | Unreviewed | CVE-2021-44023 was published Dec 17, 2021

NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which...
High | Unreviewed | CVE-2019-5665 was published May 13, 2022

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in...
Moderate | Unreviewed | CVE-2014-9512 was published May 13, 2022

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to...
Low | Unreviewed | CVE-2011-4028 was published May 13, 2022

Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows...
Moderate | Unreviewed | CVE-2014-8585 was published May 13, 2022

Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink...
Moderate | Unreviewed | CVE-2012-5303 was published May 13, 2022

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software,...
Moderate | Unreviewed | CVE-2016-10374 was published May 13, 2022