Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

981 advisories

Loading
Link Following in Iris High
CVE-2021-23772 was published for github.com/kataras/iris (Go) Jan 6, 2022
kataras
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent... Moderate Unreviewed
CVE-2021-20153 was published Dec 31, 2021
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer)... High Unreviewed
CVE-2021-44023 was published Dec 17, 2021
Windows Setup Elevation of Privilege Vulnerability High Unreviewed
CVE-2021-43237 was published Dec 16, 2021
Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE... High Unreviewed
CVE-2021-42297 was published Nov 25, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37701 was published for tar (npm) Aug 31, 2021
chen-robert ginkoid
levpachmanov
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37712 was published for tar (npm) Aug 31, 2021
JarLob chen-robert
ginkoid levpachmanov
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following High
CVE-2021-39134 was published for @npmcli/arborist (npm) Aug 31, 2021
ginkoid chen-robert
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist High
CVE-2021-39135 was published for @npmcli/arborist (npm) Aug 31, 2021
JarLob KateCatlin
Permissions bypass in pleaser High
CVE-2021-31154 was published for pleaser (Rust) Aug 25, 2021
another-rex
Arbitrary file overwrite in tar-rs High
CVE-2018-20990 was published for tar (Rust) Aug 25, 2021
tdunlap607
Directory Traversal in Archive_Tar High
CVE-2021-32610 was published for pear/archive_tar (Composer) Aug 9, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning High
CVE-2021-32803 was published for tar (npm) Aug 3, 2021
ginkoid chen-robert
levpachmanov
Kubernetes kubectl cp Vulnerable to Symlink Attack Moderate
CVE-2019-11251 was published for k8s.io/kubernetes (Go) May 18, 2021
Directory exposure in jetty Low
CVE-2021-28163 was published for org.eclipse.jetty:jetty-deploy (Maven) Apr 6, 2021
svarovski
Remote Code Execution in SCIMono High
CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) Feb 10, 2021
Path Traversal in decompress Critical
CVE-2020-12265 was published for decompress (npm) Sep 3, 2020
tdunlap607
Local Privilege Escalation in npm Low
CVE-2013-4116 was published for npm (npm) Sep 1, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7653 was published for snyk-broker (npm) Jun 3, 2020
Link Following in rply Moderate
CVE-2014-1938 was published for rply (pip) Mar 11, 2020
Arbitrary File Write in npm High
CVE-2019-16775 was published for npm (npm) Dec 13, 2019
DanielRuf
Arbitrary File Overwrite in fstream High
CVE-2019-13173 was published for fstream (npm) May 30, 2019
Arbitrary File Overwrite in tar High
CVE-2018-20834 was published for tar (npm) May 1, 2019
Moderate severity vulnerability that affects org.springframework.boot:spring-boot Moderate
CVE-2018-1196 was published for org.springframework.boot:spring-boot (Maven) Oct 18, 2018
Link Following in ansible High
CVE-2016-3096 was published for ansible (pip) Oct 10, 2018
ProTip! Advisories are also available from the GraphQL API