Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,226
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,707
NuGet
661
pip
3,337
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,006 advisories

Loading
Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed
CVE-2022-44747 was published Nov 8, 2022
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... High Unreviewed
CVE-2022-32905 was published Nov 2, 2022
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as... High Unreviewed
CVE-2022-41973 was published Oct 29, 2022
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called... High Unreviewed
CVE-2022-31256 was published Oct 26, 2022
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by... High Unreviewed
CVE-2022-42725 was published Oct 10, 2022
Armoury Crate Service’s logging function has insufficient validation to check if the log file is... Moderate Unreviewed
CVE-2022-38699 was published Sep 29, 2022
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security... High Unreviewed
CVE-2022-40710 was published Sep 29, 2022
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission... Critical Unreviewed
CVE-2022-23144 was published Sep 25, 2022
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with... High Unreviewed
CVE-2022-34893 was published Sep 20, 2022
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro... High Unreviewed
CVE-2022-40143 was published Sep 20, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
martin-ocasek
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed
CVE-2022-0029 was published Sep 15, 2022
In vow, there is a possible information disclosure due to a symbolic link following. This could... Moderate Unreviewed
CVE-2022-26456 was published Sep 7, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... High Unreviewed
CVE-2022-2897 was published Sep 1, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... Moderate Unreviewed
CVE-2022-2898 was published Sep 1, 2022
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only... High Unreviewed
CVE-2021-35939 was published Aug 27, 2022
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points... Critical Unreviewed
CVE-2022-34960 was published Aug 26, 2022
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and... High Unreviewed
CVE-2021-35938 was published Aug 26, 2022
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to... Moderate Unreviewed
CVE-2021-35937 was published Aug 26, 2022
An improper link resolution flaw while extracting an archive can lead to changing the access... High Unreviewed
CVE-2021-23177 was published Aug 24, 2022
An improper link resolution flaw can occur while extracting an archive leading to changing modes,... High Unreviewed
CVE-2021-31566 was published Aug 24, 2022
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free... High Unreviewed
CVE-2022-36336 was published Jul 31, 2022
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable... Moderate Unreviewed
CVE-2022-35631 was published Jul 30, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows... High Unreviewed
CVE-2022-31250 was published Jul 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database