GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,226
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,707
NuGet
661
pip
3,337
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,006 advisories
Filter by severity
Local privilege escalation due to improper soft link handling. The following products are...
High
Unreviewed
CVE-2022-44747
was published
Nov 8, 2022
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS...
High
Unreviewed
CVE-2022-32905
was published
Nov 2, 2022
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as...
High
Unreviewed
CVE-2022-41973
was published
Oct 29, 2022
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called...
High
Unreviewed
CVE-2022-31256
was published
Oct 26, 2022
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by...
High
Unreviewed
CVE-2022-42725
was published
Oct 10, 2022
Armoury Crate Service’s logging function has insufficient validation to check if the log file is...
Moderate
Unreviewed
CVE-2022-38699
was published
Sep 29, 2022
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security...
High
Unreviewed
CVE-2022-40710
was published
Sep 29, 2022
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission...
Critical
Unreviewed
CVE-2022-23144
was published
Sep 25, 2022
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with...
High
Unreviewed
CVE-2022-34893
was published
Sep 20, 2022
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro...
High
Unreviewed
CVE-2022-40143
was published
Sep 20, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate
CVE-2022-39215
was published
for
tauri
(Rust)
Sep 16, 2022
Cargo extracting malicious crates can corrupt arbitrary files
Low
CVE-2022-36113
was published
for
cargo
(Rust)
Sep 16, 2022
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows...
Moderate
Unreviewed
CVE-2022-0029
was published
Sep 15, 2022
In vow, there is a possible information disclosure due to a symbolic link following. This could...
Moderate
Unreviewed
CVE-2022-26456
was published
Sep 7, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file...
High
Unreviewed
CVE-2022-2897
was published
Sep 1, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file...
Moderate
Unreviewed
CVE-2022-2898
was published
Sep 1, 2022
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only...
High
Unreviewed
CVE-2021-35939
was published
Aug 27, 2022
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points...
Critical
Unreviewed
CVE-2022-34960
was published
Aug 26, 2022
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and...
High
Unreviewed
CVE-2021-35938
was published
Aug 26, 2022
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to...
Moderate
Unreviewed
CVE-2021-35937
was published
Aug 26, 2022
An improper link resolution flaw while extracting an archive can lead to changing the access...
High
Unreviewed
CVE-2021-23177
was published
Aug 24, 2022
An improper link resolution flaw can occur while extracting an archive leading to changing modes,...
High
Unreviewed
CVE-2021-31566
was published
Aug 24, 2022
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free...
High
Unreviewed
CVE-2022-36336
was published
Jul 31, 2022
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable...
Moderate
Unreviewed
CVE-2022-35631
was published
Jul 30, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows...
High
Unreviewed
CVE-2022-31250
was published
Jul 21, 2022
ProTip!
Advisories are also available from the
GraphQL API