GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,001 advisories
Armoury Crate Service’s logging function has insufficient validation to check if the log file is...
Moderate | Unreviewed | CVE-2022-38699 was published Sep 29, 2022

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security...
High | Unreviewed | CVE-2022-40710 was published Sep 29, 2022

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission...
Critical | Unreviewed | CVE-2022-23144 was published Sep 25, 2022

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with...
High | Unreviewed | CVE-2022-34893 was published Sep 20, 2022

A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro...
High | Unreviewed | CVE-2022-40143 was published Sep 20, 2022

Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate | CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022

Cargo extracting malicious crates can corrupt arbitrary files
Low | CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows...
Moderate | Unreviewed | CVE-2022-0029 was published Sep 15, 2022

In vow, there is a possible information disclosure due to a symbolic link following. This could...
Moderate | Unreviewed | CVE-2022-26456 was published Sep 7, 2022

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file...
High | Unreviewed | CVE-2022-2897 was published Sep 1, 2022

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file...
Moderate | Unreviewed | CVE-2022-2898 was published Sep 1, 2022

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only...
High | Unreviewed | CVE-2021-35939 was published Aug 27, 2022

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points...
Critical | Unreviewed | CVE-2022-34960 was published Aug 26, 2022

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to...
Moderate | Unreviewed | CVE-2021-35937 was published Aug 26, 2022

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and...
High | Unreviewed | CVE-2021-35938 was published Aug 26, 2022

An improper link resolution flaw can occur while extracting an archive leading to changing modes,...
High | Unreviewed | CVE-2021-31566 was published Aug 24, 2022

An improper link resolution flaw while extracting an archive can lead to changing the access...
High | Unreviewed | CVE-2021-23177 was published Aug 24, 2022

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free...
High | Unreviewed | CVE-2022-36336 was published Jul 31, 2022

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable...
Moderate | Unreviewed | CVE-2022-35631 was published Jul 30, 2022

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows...
High | Unreviewed | CVE-2022-31250 was published Jul 21, 2022

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user...
High | Unreviewed | CVE-2022-32450 was published Jul 19, 2022

In sound driver, there is a possible information disclosure due to symlink following. This could...
Moderate | Unreviewed | CVE-2022-21770 was published Jul 7, 2022

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from...
High | Unreviewed | CVE-2022-2145 was published Jun 29, 2022

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure...
High | Unreviewed | CVE-2021-42056 was published Jun 25, 2022

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate | CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022