GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
433 advisories
Filter by severity
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a...
Moderate
Unreviewed
CVE-2009-1142
was published
Nov 23, 2022
Armoury Crate Service’s logging function has insufficient validation to check if the log file is...
Moderate
Unreviewed
CVE-2022-38699
was published
Sep 29, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate
CVE-2022-39215
was published
for
tauri
(Rust)
Sep 16, 2022
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows...
Moderate
Unreviewed
CVE-2022-0029
was published
Sep 15, 2022
In vow, there is a possible information disclosure due to a symbolic link following. This could...
Moderate
Unreviewed
CVE-2022-26456
was published
Sep 7, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file...
Moderate
Unreviewed
CVE-2022-2898
was published
Sep 1, 2022
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to...
Moderate
Unreviewed
CVE-2021-35937
was published
Aug 26, 2022
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable...
Moderate
Unreviewed
CVE-2022-35631
was published
Jul 30, 2022
In sound driver, there is a possible information disclosure due to symlink following. This could...
Moderate
Unreviewed
CVE-2022-21770
was published
Jul 7, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate
CVE-2022-31036
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed...
Moderate
Unreviewed
CVE-2022-26688
was published
May 27, 2022
A security vulnerability that can lead to local privilege escalation has been found in ’guix...
Moderate
Unreviewed
CVE-2021-27851
was published
May 24, 2022
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG...
Moderate
Unreviewed
CVE-2021-3641
was published
May 24, 2022
Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote...
Moderate
Unreviewed
CVE-2021-32508
was published
May 24, 2022
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote...
Moderate
Unreviewed
CVE-2021-32509
was published
May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user...
Moderate
Unreviewed
CVE-2020-4885
was published
May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open...
Moderate
Unreviewed
CVE-2021-32550
was published
May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open...
Moderate
Unreviewed
CVE-2021-32551
was published
May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open...
Moderate
Unreviewed
CVE-2021-32549
was published
May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open...
Moderate
Unreviewed
CVE-2021-32548
was published
May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open...
Moderate
Unreviewed
CVE-2021-32547
was published
May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open...
Moderate
Unreviewed
CVE-2021-32553
was published
May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open...
Moderate
Unreviewed
CVE-2021-32552
was published
May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open...
Moderate
Unreviewed
CVE-2021-32555
was published
May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open...
Moderate
Unreviewed
CVE-2021-32554
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API