GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
433 advisories
Filter by severity
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function...
Moderate
Unreviewed
CVE-2018-14335
was published
May 13, 2022
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly...
Moderate
Unreviewed
CVE-2014-5045
was published
May 13, 2022
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in...
Moderate
Unreviewed
CVE-2014-9512
was published
May 13, 2022
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows...
Moderate
Unreviewed
CVE-2014-8585
was published
May 13, 2022
Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink...
Moderate
Unreviewed
CVE-2012-5303
was published
May 13, 2022
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software,...
Moderate
Unreviewed
CVE-2016-10374
was published
May 13, 2022
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha,...
Moderate
Unreviewed
CVE-2008-7247
was published
May 13, 2022
The main function in android_main.cpp in thermald allows local users to write to arbitrary files...
Moderate
Unreviewed
CVE-2014-2312
was published
May 13, 2022
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to...
Moderate
Unreviewed
CVE-2018-17955
was published
May 13, 2022
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure...
Moderate
Unreviewed
CVE-2016-9595
was published
May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10...
Moderate
Unreviewed
CVE-2017-2390
was published
May 13, 2022
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is...
Moderate
Unreviewed
CVE-2018-6198
was published
May 13, 2022
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user...
Moderate
Unreviewed
CVE-2017-7418
was published
May 14, 2022
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file...
Moderate
Unreviewed
CVE-2018-19044
was published
May 14, 2022
keycloak-httpd-client-install symlink attack vulnerability
Moderate
CVE-2017-15111
was published
for
keycloak-httpd-client-install
(pip)
May 14, 2022
Puppet allows local users to modify the permissions of arbitrary files
Moderate
CVE-2011-3870
was published
for
puppet
(RubyGems)
May 14, 2022
Puppet arbitrary file overwrite
Moderate
CVE-2011-3869
was published
for
puppet
(RubyGems)
May 14, 2022
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink...
Moderate
Unreviewed
CVE-2015-1331
was published
May 14, 2022
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local...
Moderate
Unreviewed
CVE-2018-19637
was published
May 14, 2022
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an...
Moderate
Unreviewed
CVE-2018-19638
was published
May 14, 2022
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of...
Moderate
Unreviewed
CVE-2013-1976
was published
May 14, 2022
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on...
Moderate
Unreviewed
CVE-2013-2561
was published
May 14, 2022
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10...
Moderate
Unreviewed
CVE-2016-4679
was published
May 14, 2022
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local...
Moderate
Unreviewed
CVE-2014-1272
was published
May 14, 2022
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a...
Moderate
Unreviewed
CVE-2015-1196
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API