Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

380 advisories

Loading
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder... High Unreviewed
CVE-2019-1053 was published May 24, 2022
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC)... High Unreviewed
CVE-2019-1064 was published May 24, 2022
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc)... High Unreviewed
CVE-2019-0986 was published May 24, 2022
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in... High Unreviewed
CVE-2019-12749 was published May 24, 2022
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because... High Unreviewed
CVE-2019-12779 was published May 24, 2022
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico... High Unreviewed
CVE-2019-12209 was published May 24, 2022
In some configurations an attacker can inject a new executable path into the extensions.load file... High Unreviewed
CVE-2019-3567 was published May 24, 2022
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100... High Unreviewed
CVE-2019-9949 was published May 24, 2022
Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R)... High Unreviewed
CVE-2019-0086 was published May 24, 2022
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security... High Unreviewed
CVE-2019-8454 was published May 24, 2022
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing... High Unreviewed
CVE-2019-11503 was published May 24, 2022
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid... High Unreviewed
CVE-2019-11502 was published May 24, 2022
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local... High Unreviewed
CVE-2011-3632 was published Apr 22, 2022
openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system... High Unreviewed
CVE-2011-3351 was published Apr 22, 2022
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files High
CVE-2024-29188 was published for WixToolset.Util.wixext (NuGet) Mar 25, 2024
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX... High Unreviewed
CVE-2019-11538 was published May 24, 2022
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security... High Unreviewed
CVE-2022-40710 was published Sep 29, 2022
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete... High Unreviewed
CVE-2023-28892 was published Mar 29, 2023
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file... High Unreviewed
CVE-2020-27833 was published May 24, 2022
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote... High Unreviewed
CVE-2023-7216 was published Feb 5, 2024
Joomla! Open Redirect vulnerability High
CVE-2008-3227 was published for joomla/framework (Composer) May 1, 2022
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local... High Unreviewed
CVE-2023-52094 was published Jan 23, 2024
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local... High Unreviewed
CVE-2023-47192 was published Jan 23, 2024
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37712 was published for tar (npm) Aug 31, 2021
JarLob chen-robert
ginkoid levpachmanov
A security agent link following vulnerability in Trend Micro Apex One could allow a local... High Unreviewed
CVE-2023-52092 was published Jan 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database