Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

429 advisories

Loading
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to... Moderate Unreviewed
CVE-2021-35937 was published Aug 26, 2022
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable... Moderate Unreviewed
CVE-2022-35631 was published Jul 30, 2022
In sound driver, there is a possible information disclosure due to symlink following. This could... Moderate Unreviewed
CVE-2022-21770 was published Jul 7, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed... Moderate Unreviewed
CVE-2022-26688 was published May 27, 2022
A security vulnerability that can lead to local privilege escalation has been found in ’guix... Moderate Unreviewed
CVE-2021-27851 was published May 24, 2022
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG... Moderate Unreviewed
CVE-2021-3641 was published May 24, 2022
Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote... Moderate Unreviewed
CVE-2021-32508 was published May 24, 2022
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote... Moderate Unreviewed
CVE-2021-32509 was published May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user... Moderate Unreviewed
CVE-2020-4885 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32550 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32547 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32548 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32551 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32549 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32553 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32552 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32555 was published May 24, 2022
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open... Moderate Unreviewed
CVE-2021-32554 was published May 24, 2022
This vulnerability allows local attackers to delete arbitrary directories on affected... Moderate Unreviewed
CVE-2021-27241 was published May 24, 2022
There is an open race window when writing output in the following utilities in GNU binutils... Moderate Unreviewed
CVE-2021-20197 was published May 24, 2022
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and... Moderate Unreviewed
CVE-2021-28650 was published May 24, 2022
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with... Moderate Unreviewed
CVE-2021-28153 was published May 24, 2022
A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create... Moderate Unreviewed
CVE-2020-4717 was published May 24, 2022
Windows Mobile Device Management Information Disclosure Vulnerability Moderate Unreviewed
CVE-2021-24084 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API