Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

987 advisories

Loading
When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be... High Unreviewed
CVE-2022-45412 was published Dec 22, 2022
A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical.... High Unreviewed
CVE-2022-4563 was published Dec 21, 2022
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code... Critical Unreviewed
CVE-2021-3942 was published Dec 12, 2022
Buildah (as part of Podman) vulnerable to Link Following Moderate
CVE-2022-4122 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
guidobonomi
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended... High Unreviewed
CVE-2009-1143 was published Nov 23, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a... Moderate Unreviewed
CVE-2009-1142 was published Nov 23, 2022
Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed
CVE-2022-44747 was published Nov 8, 2022
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... High Unreviewed
CVE-2022-32905 was published Nov 2, 2022
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as... High Unreviewed
CVE-2022-41973 was published Oct 29, 2022
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called... High Unreviewed
CVE-2022-31256 was published Oct 26, 2022
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by... High Unreviewed
CVE-2022-42725 was published Oct 10, 2022
Armoury Crate Service’s logging function has insufficient validation to check if the log file is... Moderate Unreviewed
CVE-2022-38699 was published Sep 29, 2022
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security... High Unreviewed
CVE-2022-40710 was published Sep 29, 2022
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission... Critical Unreviewed
CVE-2022-23144 was published Sep 25, 2022
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with... High Unreviewed
CVE-2022-34893 was published Sep 20, 2022
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro... High Unreviewed
CVE-2022-40143 was published Sep 20, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
martin-ocasek
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed
CVE-2022-0029 was published Sep 15, 2022
In vow, there is a possible information disclosure due to a symbolic link following. This could... Moderate Unreviewed
CVE-2022-26456 was published Sep 7, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... High Unreviewed
CVE-2022-2897 was published Sep 1, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... Moderate Unreviewed
CVE-2022-2898 was published Sep 1, 2022
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only... High Unreviewed
CVE-2021-35939 was published Aug 27, 2022
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points... Critical Unreviewed
CVE-2022-34960 was published Aug 26, 2022
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and... High Unreviewed
CVE-2021-35938 was published Aug 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database