GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
987 advisories
Filter by severity
The combination of primitives offered by SMB and AFP in their default configuration allows the...
Critical
Unreviewed
CVE-2022-22995
was published
Mar 27, 2022
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any...
High
Unreviewed
CVE-2022-26659
was published
Mar 26, 2022
An issue existed within the path validation logic for symlinks. This issue was addressed with...
High
Unreviewed
CVE-2022-22585
was published
Mar 19, 2022
In connsyslogger, there is a possible symbolic link following due to improper link resolution....
Moderate
Unreviewed
CVE-2022-20050
was published
Mar 11, 2022
ROG Live Service’s function for deleting temp files created by installation has an improper link...
High
Unreviewed
CVE-2022-22262
was published
Mar 2, 2022
A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150...
High
Unreviewed
CVE-2022-24671
was published
Feb 25, 2022
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend...
High
Unreviewed
CVE-2022-24680
was published
Feb 25, 2022
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend...
High
Unreviewed
CVE-2022-24679
was published
Feb 25, 2022
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink...
Moderate
Unreviewed
CVE-2021-44141
was published
Feb 22, 2022
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker...
High
Unreviewed
CVE-2021-44730
was published
Feb 19, 2022
Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2022-25177
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
Moderate
CVE-2022-25176
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Link Following in Jenkins Pipeline Multibranch Plugin
Moderate
CVE-2022-25179
was published
for
org.jenkins-ci.plugins.workflow:workflow-multibranch
(Maven)
Feb 16, 2022
Link Following in Kata Runtime
High
CVE-2020-2026
was published
for
github.com/kata-containers/runtime
(Go)
Feb 15, 2022
Arbitrary File Write in Libcontainer
High
CVE-2015-3629
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Symlink Attack in kubectl cp
Moderate
CVE-2019-1002101
was published
for
k8s.io/kubernetes
(Go)
Feb 15, 2022
Symlink Attack in Libcontainer and Docker Engine
Moderate
CVE-2015-3627
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Mercurial Path Traversal/Link Following vulnerability
Moderate
CVE-2019-3902
was published
for
mercurial
(pip)
Feb 15, 2022
Directory Traversal in Docker
Moderate
CVE-2014-9358
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Arbitrary Code Execution in Docker
High
CVE-2014-6407
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Zip slip directory exploit in github.com/deislabs/oras
High
CVE-2021-21272
was published
for
github.com/deislabs/oras
(Go)
Feb 15, 2022
Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Moderate
CVE-2020-26277
was published
for
github.com/datacharmer/dbdeployer
(Go)
Feb 12, 2022
An improper link resolution before file access ('link following') vulnerability exists in the...
High
Unreviewed
CVE-2022-0017
was published
Feb 11, 2022
This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a...
High
Unreviewed
CVE-2021-23521
was published
Feb 8, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman...
High
Unreviewed
CVE-2022-21944
was published
Jan 27, 2022
ProTip!
Advisories are also available from the
GraphQL API