GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
336 advisories
Filter by severity
An issue existed within the path validation logic for symlinks. This issue was addressed with...
High
Unreviewed
CVE-2022-22585
was published
Mar 19, 2022
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any...
High
Unreviewed
CVE-2022-26659
was published
Mar 26, 2022
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to...
High
Unreviewed
CVE-2022-27883
was published
Apr 10, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman...
High
Unreviewed
CVE-2022-21944
was published
Jan 27, 2022
VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation as a user...
High
Unreviewed
CVE-2022-22962
was published
Apr 12, 2022
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with...
High
Unreviewed
CVE-2017-2916
was published
May 13, 2022
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can...
High
Unreviewed
CVE-2022-31258
was published
May 21, 2022
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1)...
High
Unreviewed
CVE-2020-3950
was published
May 24, 2022
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc...
High
Unreviewed
CVE-2021-26720
was published
May 24, 2022
a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2,...
High
Unreviewed
CVE-2021-31997
was published
May 24, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of...
High
Unreviewed
CVE-2021-32000
was published
May 24, 2022
A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a...
High
Unreviewed
CVE-2021-32518
was published
May 24, 2022
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker...
High
Unreviewed
CVE-2021-1278
was published
May 24, 2022
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could...
High
Unreviewed
CVE-2022-30687
was published
May 28, 2022
A validation issue existed in the handling of symlinks and was addressed with improved validation...
High
Unreviewed
CVE-2022-26704
was published
May 27, 2022
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of...
High
Unreviewed
CVE-2008-4694
was published
May 17, 2022
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local,...
High
Unreviewed
CVE-2022-28225
was published
Jun 16, 2022
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local,...
High
Unreviewed
CVE-2021-25261
was published
Jun 16, 2022
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from...
High
Unreviewed
CVE-2022-2145
was published
Jun 29, 2022
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure...
High
Unreviewed
CVE-2021-42056
was published
Jun 25, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows...
High
Unreviewed
CVE-2022-31250
was published
Jul 21, 2022
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user...
High
Unreviewed
CVE-2022-32450
was published
Jul 19, 2022
An issue existed within the path validation logic for symlinks. This issue was addressed with...
High
Unreviewed
CVE-2020-10003
was published
May 24, 2022
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to...
High
Unreviewed
CVE-2016-6253
was published
May 17, 2022
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which...
High
Unreviewed
CVE-2020-7040
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API