Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

512 advisories

Loading
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have... High Unreviewed
CVE-2015-3315 was published May 14, 2022
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package... High Unreviewed
CVE-2013-4364 was published May 14, 2022
Syncthing vulnerable to symlink traversal and arbitrary file overwrite High
CVE-2017-1000420 was published for github.com/syncthing/syncthing (Go) May 14, 2022
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or... High Unreviewed
CVE-2016-3108 was published May 14, 2022
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link... High Unreviewed
CVE-2022-30523 was published May 17, 2022
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in... High Unreviewed
CVE-2016-1255 was published May 17, 2022
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to... High Unreviewed
CVE-2015-5705 was published May 17, 2022
SaltStack Salt Insecure Temporary File Creation High
CVE-2014-3563 was published for salt (pip) May 17, 2022
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of... High Unreviewed
CVE-2008-4694 was published May 17, 2022
PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles High
CVE-2014-1932 was published for pillow (pip) May 17, 2022
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to... High Unreviewed
CVE-2016-6253 was published May 17, 2022
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates... High Unreviewed
CVE-2016-7490 was published May 17, 2022
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain... High Unreviewed
CVE-2015-6566 was published May 17, 2022
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk... High Unreviewed
CVE-2015-1338 was published May 17, 2022
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to... High Unreviewed
CVE-2015-1130 was published May 17, 2022
Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation... High Unreviewed
CVE-2013-0927 was published May 17, 2022
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite... High Unreviewed
CVE-2008-5704 was published May 17, 2022
mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink... High Unreviewed
CVE-2008-5155 was published May 17, 2022
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can... High Unreviewed
CVE-2022-31258 was published May 21, 2022
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point... High Unreviewed
CVE-2019-8452 was published May 24, 2022
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid... High Unreviewed
CVE-2019-11502 was published May 24, 2022
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing... High Unreviewed
CVE-2019-11503 was published May 24, 2022
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX... High Unreviewed
CVE-2019-11538 was published May 24, 2022
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security... High Unreviewed
CVE-2019-8454 was published May 24, 2022
Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R)... High Unreviewed
CVE-2019-0086 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database