GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,163 advisories
runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on...
CVE-2008-4970 was published May 17, 2022 (Moderate, Unreviewed)

scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp...
CVE-2008-4983 was published May 17, 2022 (Moderate, Unreviewed)

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022 (Moderate)

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from...
CVE-2022-2145 was published Jun 29, 2022 (High, Unreviewed)

The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files...
CVE-2015-8326 was published May 17, 2022 (Moderate, Unreviewed)

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure...
CVE-2021-42056 was published Jun 25, 2022 (High, Unreviewed)

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks...
CVE-2015-0556 was published May 17, 2022 (Moderate, Unreviewed)

ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the...
CVE-2012-3345 was published May 17, 2022 (Moderate, Unreviewed)

Insecure Temporary File in SWHKD
CVE-2022-27815 was published for Simple-Wayland-HotKey-Daemon (Rust) Mar 31, 2022 (Critical)

In sound driver, there is a possible information disclosure due to symlink following. This could...
CVE-2022-21770 was published Jul 7, 2022 (Moderate, Unreviewed)

vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root...
CVE-2015-6927 was published May 17, 2022 (Low, Unreviewed)

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a...
CVE-2014-5029 was published May 17, 2022 (Low, Unreviewed)

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to ...
CVE-2014-4038 was published May 17, 2022 (Moderate, Unreviewed)

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows...
CVE-2022-31250 was published Jul 21, 2022 (High, Unreviewed)

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html...
CVE-2014-5030 was published May 17, 2022 (Low, Unreviewed)

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user...
CVE-2022-32450 was published Jul 19, 2022 (High, Unreviewed)

An issue existed within the path validation logic for symlinks. This issue was addressed with...
CVE-2020-10003 was published May 24, 2022 (High, Unreviewed)

GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) -...
CVE-2015-4155 was published May 17, 2022 (Low, Unreviewed)

provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x...
CVE-2015-3436 was published May 17, 2022 (Moderate, Unreviewed)

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable...
CVE-2022-35631 was published Jul 30, 2022 (Moderate, Unreviewed)

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in...
CVE-2013-4262 was published May 17, 2022 (Low, Unreviewed)

The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges...
CVE-2013-7393 was published May 17, 2022 (Low, Unreviewed)

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which...
CVE-2020-7040 was published May 24, 2022 (High, Unreviewed)

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary...
CVE-2014-3423 was published May 17, 2022 (Low, Unreviewed)

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite...
CVE-2014-3422 was published May 17, 2022 (Low, Unreviewed)