GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,643
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
987 advisories
Filter by severity
An improper link resolution before file access vulnerability exists in the Palo Alto Networks...
High
Unreviewed
CVE-2022-0012
was published
Jan 13, 2022
Windows Cleanup Manager Elevation of Privilege Vulnerability.
Moderate
Unreviewed
CVE-2022-21838
was published
Jan 12, 2022
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE...
High
Unreviewed
CVE-2022-21895
was published
Jan 12, 2022
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE...
High
Unreviewed
CVE-2022-21919
was published
Jan 12, 2022
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and...
High
Unreviewed
CVE-2021-44024
was published
Jan 11, 2022
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on...
High
Unreviewed
CVE-2021-45442
was published
Jan 11, 2022
Link Following in Iris
High
CVE-2021-23772
was published
for
github.com/kataras/iris
(Go)
Jan 6, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent...
Moderate
Unreviewed
CVE-2021-20153
was published
Dec 31, 2021
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer)...
High
Unreviewed
CVE-2021-44023
was published
Dec 17, 2021
Windows Setup Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2021-43237
was published
Dec 16, 2021
Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE...
High
Unreviewed
CVE-2021-42297
was published
Nov 25, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37701
was published
for
tar
(npm)
Aug 31, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37712
was published
for
tar
(npm)
Aug 31, 2021
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
High
CVE-2021-39134
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
High
CVE-2021-39135
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
Directory Traversal in Archive_Tar
High
CVE-2021-32610
was published
for
pear/archive_tar
(Composer)
Aug 9, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
High
CVE-2021-32803
was published
for
tar
(npm)
Aug 3, 2021
Kubernetes kubectl cp Vulnerable to Symlink Attack
Moderate
CVE-2019-11251
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Directory exposure in jetty
Low
CVE-2021-28163
was published
for
org.eclipse.jetty:jetty-deploy
(Maven)
Apr 6, 2021
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
Arbitrary File Read in Snyk Broker
Moderate
CVE-2020-7653
was published
for
snyk-broker
(npm)
Jun 3, 2020
ProTip!
Advisories are also available from the
GraphQL API