Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

433 advisories

Loading
Kevin Backhouse discovered that apport would read a user-supplied configuration file with... Moderate Unreviewed
CVE-2019-11481 was published May 24, 2022
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports... Moderate Unreviewed
CVE-2015-3147 was published May 24, 2022
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A... Moderate Unreviewed
CVE-2019-3750 was published May 24, 2022
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to... Moderate Unreviewed
CVE-2019-18645 was published May 24, 2022
Podman Symlink Vulnerability Moderate
CVE-2019-18466 was published for github.com/containers/podman/v4 (Go) May 24, 2022
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming... Moderate Unreviewed
CVE-2019-11230 was published May 24, 2022
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than... Moderate Unreviewed
CVE-2019-13636 was published May 24, 2022
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper:... Moderate Unreviewed
CVE-2019-13229 was published May 24, 2022
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone... Moderate Unreviewed
CVE-2019-13227 was published May 24, 2022
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to... Moderate Unreviewed
CVE-2019-13228 was published May 24, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) May 23, 2022
crenshaw-dev tdunlap607
** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a... Moderate Unreviewed
CVE-2008-4998 was published May 17, 2022
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp... Moderate Unreviewed
CVE-2008-4988 was published May 17, 2022
** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via... Moderate Unreviewed
CVE-2008-4996 was published May 17, 2022
** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary... Moderate Unreviewed
CVE-2008-4977 was published May 17, 2022
** DISPUTED ** master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary... Moderate Unreviewed
CVE-2008-5034 was published May 17, 2022
** DISPUTED ** dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary... Moderate Unreviewed
CVE-2008-4997 was published May 17, 2022
test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack... Moderate Unreviewed
CVE-2008-5151 was published May 17, 2022
** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a... Moderate Unreviewed
CVE-2008-5135 was published May 17, 2022
add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink... Moderate Unreviewed
CVE-2008-5146 was published May 17, 2022
sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink... Moderate Unreviewed
CVE-2008-5372 was published May 17, 2022
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack... Moderate Unreviewed
CVE-2008-5379 was published May 17, 2022
noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the ... Moderate Unreviewed
CVE-2008-5369 was published May 17, 2022
sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a... Moderate Unreviewed
CVE-2008-5148 was published May 17, 2022
mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a... Moderate Unreviewed
CVE-2008-5143 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database