Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

981 advisories

Loading
Link Following in rply Moderate
CVE-2014-1938 was published for rply (pip) Mar 11, 2020
Symlink Arbitrary File Overwrite in tar High
CVE-2015-8860 was published for tar (npm) Oct 24, 2017
Pyro mishandles pid files in temporary directory locations and opening the pid file as root High
CVE-2011-2765 was published for pyro (pip) Aug 21, 2018
Local Privilege Escalation in npm Low
CVE-2013-4116 was published for npm (npm) Sep 1, 2020
Arbitrary Code Execution in Docker High
CVE-2014-6407 was published for github.com/docker/docker (Go) Feb 15, 2022
Directory Traversal in Docker Moderate
CVE-2014-9358 was published for github.com/docker/docker (Go) Feb 15, 2022
Symlink Attack in Libcontainer and Docker Engine Moderate
CVE-2015-3627 was published for github.com/docker/docker (Go) Feb 15, 2022
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack Moderate
CVE-2014-4996 was published for VladTheEnterprising (RubyGems) May 14, 2022
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist High
CVE-2021-39135 was published for @npmcli/arborist (npm) Aug 31, 2021
JarLob KateCatlin
In connsyslogger, there is a possible symbolic link following due to improper link resolution.... Moderate Unreviewed
CVE-2022-20050 was published Mar 11, 2022
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of... Moderate Unreviewed
CVE-2011-0727 was published May 17, 2022
The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete... Moderate Unreviewed
CVE-2011-0441 was published May 17, 2022
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify... Moderate Unreviewed
CVE-2011-0402 was published May 17, 2022
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following High
CVE-2021-39134 was published for @npmcli/arborist (npm) Aug 31, 2021
ginkoid chen-robert
An issue existed within the path validation logic for symlinks. This issue was addressed with... High Unreviewed
CVE-2022-22585 was published Mar 19, 2022
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any... High Unreviewed
CVE-2022-26659 was published Mar 26, 2022
Data Loss/Denial of Service in SWHKD High
CVE-2022-27816 was published for Simple-Wayland-HotKey-Daemon (Rust) Mar 31, 2022
Shinyzenith
Privilege escalation in beego High
CVE-2021-27116 was published for github.com/beego/beego (Go) Apr 6, 2022
Privilege escalation in beego High
CVE-2021-27117 was published for github.com/beego/beego (Go) Apr 6, 2022
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to... High Unreviewed
CVE-2022-27883 was published Apr 10, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman... High Unreviewed
CVE-2022-21944 was published Jan 27, 2022
In mobile_log_d, there is a possible symbolic link following due to an improper link resolution.... Moderate Unreviewed
CVE-2022-20068 was published Apr 12, 2022
VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation as a user... High Unreviewed
CVE-2022-22962 was published Apr 12, 2022
alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a... Low Unreviewed
CVE-2009-0035 was published Apr 21, 2022
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem... Moderate Unreviewed
CVE-2015-5752 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API