Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

981 advisories

Loading
A validation issue existed in the handling of symlinks and was addressed with improved validation... High Unreviewed
CVE-2022-26704 was published May 27, 2022
redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack... Moderate Unreviewed
CVE-2008-4995 was published May 17, 2022
vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite... Moderate Unreviewed
CVE-2008-4985 was published May 17, 2022
The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary... Moderate Unreviewed
CVE-2008-4994 was published May 17, 2022
ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack... Moderate Unreviewed
CVE-2008-4976 was published May 17, 2022
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local... Moderate Unreviewed
CVE-2008-5140 was published May 17, 2022
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink... Moderate Unreviewed
CVE-2008-5138 was published May 17, 2022
bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack... Moderate Unreviewed
CVE-2008-5154 was published May 17, 2022
The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows... Moderate Unreviewed
CVE-2008-5256 was published May 17, 2022
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12... Low Unreviewed
CVE-2008-5825 was published May 17, 2022
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote... Moderate Unreviewed
CVE-2008-6762 was published May 17, 2022
openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite... Moderate Unreviewed
CVE-2010-1693 was published May 17, 2022
Link Following in Deno High
CVE-2021-41641 was published for deno (Rust) Jun 13, 2022
A security vulnerability that can lead to local privilege escalation has been found in ’guix... Moderate Unreviewed
CVE-2021-27851 was published May 24, 2022
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could... High Unreviewed
CVE-2022-30687 was published May 28, 2022
sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on... Moderate Unreviewed
CVE-2008-6398 was published May 17, 2022
rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink... Moderate Unreviewed
CVE-2008-6397 was published May 17, 2022
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker... High Unreviewed
CVE-2021-1278 was published May 24, 2022
A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a... High Unreviewed
CVE-2021-32518 was published May 24, 2022
emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary... Low Unreviewed
CVE-2010-2053 was published May 17, 2022
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed... Moderate Unreviewed
CVE-2022-26688 was published May 27, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of... High Unreviewed
CVE-2021-32000 was published May 24, 2022
a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2,... High Unreviewed
CVE-2021-31997 was published May 24, 2022
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc... High Unreviewed
CVE-2021-26720 was published May 24, 2022
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local... Low Unreviewed
CVE-2020-7282 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API