GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,496
Composer 4,170
Erlang 30
GitHub Actions 19
Go 1,981
Maven 5,155
npm 3,700
NuGet 656
pip 3,319
Pub 11
RubyGems 882
Rust 834
Swift 35

Unreviewed advisories

All unreviewed 232,923

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

335 advisories

Filter by severity

Sort by

Least recently updated

Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed

CVE-2022-44747 was published Nov 8, 2022

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... High Unreviewed

CVE-2022-32905 was published Nov 2, 2022

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as... High Unreviewed

CVE-2022-41973 was published Oct 29, 2022

A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called... High Unreviewed

CVE-2022-31256 was published Oct 26, 2022

Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by... High Unreviewed

CVE-2022-42725 was published Oct 10, 2022

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security... High Unreviewed

CVE-2022-40710 was published Sep 29, 2022

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with... High Unreviewed

CVE-2022-34893 was published Sep 20, 2022

A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro... High Unreviewed

CVE-2022-40143 was published Sep 20, 2022

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... High Unreviewed

CVE-2022-2897 was published Sep 1, 2022

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only... High Unreviewed

CVE-2021-35939 was published Aug 27, 2022

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and... High Unreviewed

CVE-2021-35938 was published Aug 26, 2022

An improper link resolution flaw can occur while extracting an archive leading to changing modes,... High Unreviewed

CVE-2021-31566 was published Aug 24, 2022

An improper link resolution flaw while extracting an archive can lead to changing the access... High Unreviewed

CVE-2021-23177 was published Aug 24, 2022

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free... High Unreviewed

CVE-2022-36336 was published Jul 31, 2022

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows... High Unreviewed

CVE-2022-31250 was published Jul 21, 2022

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user... High Unreviewed

CVE-2022-32450 was published Jul 19, 2022

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from... High Unreviewed

CVE-2022-2145 was published Jun 29, 2022

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure... High Unreviewed

CVE-2021-42056 was published Jun 25, 2022

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a... High Unreviewed

CVE-2022-31218 was published Jun 16, 2022

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a... High Unreviewed

CVE-2022-31219 was published Jun 16, 2022

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a... High Unreviewed

CVE-2022-31217 was published Jun 16, 2022

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a... High Unreviewed

CVE-2022-31216 was published Jun 16, 2022

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local,... High Unreviewed

CVE-2022-28225 was published Jun 16, 2022

Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local,... High Unreviewed

CVE-2021-25261 was published Jun 16, 2022

Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could... High Unreviewed

CVE-2022-30687 was published May 28, 2022

Previous 1 2 3 4 5 6 7 … 13 14 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

335 advisories