GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
380 advisories
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder...
High | Unreviewed | CVE-2019-1053 was published May 24, 2022

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC)...
High | Unreviewed | CVE-2019-1064 was published May 24, 2022

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc)...
High | Unreviewed | CVE-2019-0986 was published May 24, 2022

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in...
High | Unreviewed | CVE-2019-12749 was published May 24, 2022

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because...
High | Unreviewed | CVE-2019-12779 was published May 24, 2022

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico...
High | Unreviewed | CVE-2019-12209 was published May 24, 2022

In some configurations an attacker can inject a new executable path into the extensions.load file...
High | Unreviewed | CVE-2019-3567 was published May 24, 2022

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100...
High | Unreviewed | CVE-2019-9949 was published May 24, 2022

Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R)...
High | Unreviewed | CVE-2019-0086 was published May 24, 2022

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security...
High | Unreviewed | CVE-2019-8454 was published May 24, 2022

snap-confine as included in snapd before 2.39 did not guard against symlink races when performing...
High | Unreviewed | CVE-2019-11503 was published May 24, 2022

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid...
High | Unreviewed | CVE-2019-11502 was published May 24, 2022

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local...
High | Unreviewed | CVE-2011-3632 was published Apr 22, 2022

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system...
High | Unreviewed | CVE-2011-3351 was published Apr 22, 2022

Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
High | CVE-2024-29188 was published for WixToolset.Util.wixext (NuGet) Mar 25, 2024

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX...
High | Unreviewed | CVE-2019-11538 was published May 24, 2022

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security...
High | Unreviewed | CVE-2022-40710 was published Sep 29, 2022

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete...
High | Unreviewed | CVE-2023-28892 was published Mar 29, 2023

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file...
High | Unreviewed | CVE-2020-27833 was published May 24, 2022

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote...
High | Unreviewed | CVE-2023-7216 was published Feb 5, 2024

Joomla! Open Redirect vulnerability
High | CVE-2008-3227 was published for joomla/framework (Composer) May 1, 2022

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local...
High | Unreviewed | CVE-2023-52094 was published Jan 23, 2024

An agent link vulnerability in the Trend Micro Apex One security agent could allow a local...
High | Unreviewed | CVE-2023-47192 was published Jan 23, 2024

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High | CVE-2021-37712 was published for tar (npm) Aug 31, 2021

A security agent link following vulnerability in Trend Micro Apex One could allow a local...
High | Unreviewed | CVE-2023-52092 was published Jan 23, 2024