Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,001 advisories

Loading
Armoury Crate Service’s logging function has insufficient validation to check if the log file is... Moderate Unreviewed
CVE-2022-38699 was published Sep 29, 2022
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security... High Unreviewed
CVE-2022-40710 was published Sep 29, 2022
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission... Critical Unreviewed
CVE-2022-23144 was published Sep 25, 2022
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with... High Unreviewed
CVE-2022-34893 was published Sep 20, 2022
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro... High Unreviewed
CVE-2022-40143 was published Sep 20, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
martin-ocasek
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed
CVE-2022-0029 was published Sep 15, 2022
In vow, there is a possible information disclosure due to a symbolic link following. This could... Moderate Unreviewed
CVE-2022-26456 was published Sep 7, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... High Unreviewed
CVE-2022-2897 was published Sep 1, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... Moderate Unreviewed
CVE-2022-2898 was published Sep 1, 2022
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only... High Unreviewed
CVE-2021-35939 was published Aug 27, 2022
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points... Critical Unreviewed
CVE-2022-34960 was published Aug 26, 2022
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to... Moderate Unreviewed
CVE-2021-35937 was published Aug 26, 2022
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and... High Unreviewed
CVE-2021-35938 was published Aug 26, 2022
An improper link resolution flaw can occur while extracting an archive leading to changing modes,... High Unreviewed
CVE-2021-31566 was published Aug 24, 2022
An improper link resolution flaw while extracting an archive can lead to changing the access... High Unreviewed
CVE-2021-23177 was published Aug 24, 2022
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free... High Unreviewed
CVE-2022-36336 was published Jul 31, 2022
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable... Moderate Unreviewed
CVE-2022-35631 was published Jul 30, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows... High Unreviewed
CVE-2022-31250 was published Jul 21, 2022
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user... High Unreviewed
CVE-2022-32450 was published Jul 19, 2022
In sound driver, there is a possible information disclosure due to symlink following. This could... Moderate Unreviewed
CVE-2022-21770 was published Jul 7, 2022
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from... High Unreviewed
CVE-2022-2145 was published Jun 29, 2022
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure... High Unreviewed
CVE-2021-42056 was published Jun 25, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database