GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
438 advisories
Kevin Backhouse discovered that apport would read a user-supplied configuration file with...
Moderate, Unreviewed
CVE-2019-11481 was published May 24, 2022

insecure temporary directory usage in passenger
Moderate
CVE-2013-4136 was published for passenger (RubyGems) Oct 24, 2017

Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2022-25177 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022

Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
Moderate
CVE-2022-25176 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022

Link Following in Jenkins Pipeline Multibranch Plugin
Moderate
CVE-2022-25179 was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven) Feb 16, 2022

Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) May 23, 2022

runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023

McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to...
Moderate, Unreviewed
CVE-2023-24577 was published Mar 13, 2023

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including...
Moderate, Unreviewed
CVE-2020-28935 was published May 24, 2022

A validation issue existed in the handling of symlinks. This issue was addressed with improved...
Moderate, Unreviewed
CVE-2022-22582 was published Feb 27, 2023

In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local...
Moderate, Unreviewed
CVE-2023-23558 was published Feb 16, 2023

NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the...
Moderate, Unreviewed
CVE-2022-42291 was published Feb 7, 2023

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary...
Moderate, Unreviewed
CVE-2012-4455 was published May 17, 2022

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain...
Moderate, Unreviewed
CVE-2009-4135 was published May 2, 2022

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete...
Moderate, Unreviewed
CVE-2013-6456 was published May 17, 2022

There is an open race window when writing output in the following utilities in GNU binutils...
Moderate, Unreviewed
CVE-2021-20197 was published May 24, 2022

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5...
Moderate, Unreviewed
CVE-2013-2029 was published May 17, 2022

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local,...
Moderate, Unreviewed
CVE-2018-1063 was published May 14, 2022

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib...
Moderate, Unreviewed
CVE-2014-3486 was published May 17, 2022

A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users...
Moderate, Unreviewed
CVE-2012-3440 was published May 17, 2022

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1,...
Moderate, Unreviewed
CVE-2013-4214 was published May 17, 2022

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise...
Moderate, Unreviewed
CVE-2009-1893 was published May 2, 2022

Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before...
Moderate, Unreviewed
CVE-2011-1384 was published May 17, 2022

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local...
Moderate, Unreviewed
CVE-2011-2473 was published May 17, 2022