GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
981 advisories
Filter by severity
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on...
Low
Unreviewed
CVE-2007-3921
was published
May 1, 2022
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary...
Moderate
Unreviewed
CVE-2007-3919
was published
May 1, 2022
The main function in skkdic-expr.c in SKK Tools 1.2 allows local users to overwrite or delete...
Moderate
Unreviewed
CVE-2007-3916
was published
May 1, 2022
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow...
Moderate
Unreviewed
CVE-2007-3103
was published
May 1, 2022
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web...
Moderate
Unreviewed
CVE-2007-2978
was published
May 1, 2022
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users...
Moderate
Unreviewed
CVE-2007-1027
was published
May 1, 2022
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink...
Low
Unreviewed
CVE-2006-5851
was published
May 1, 2022
rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite...
Low
Unreviewed
CVE-2006-1247
was published
May 1, 2022
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink...
Low
Unreviewed
CVE-2005-3349
was published
May 1, 2022
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and...
Low
Unreviewed
CVE-2005-3126
was published
May 1, 2022
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows...
Moderate
Unreviewed
CVE-2005-2714
was published
May 1, 2022
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to...
Low
Unreviewed
CVE-2005-2527
was published
May 1, 2022
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files...
Low
Unreviewed
CVE-2005-1916
was published
May 1, 2022
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack...
Low
Unreviewed
CVE-2005-1880
was published
May 1, 2022
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack...
Low
Unreviewed
CVE-2005-1879
was published
May 1, 2022
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is...
Low
Unreviewed
CVE-2005-0824
was published
May 1, 2022
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite...
Low
Unreviewed
CVE-2005-0587
was published
May 1, 2022
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and...
Moderate
Unreviewed
CVE-2005-0004
was published
May 1, 2022
cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a...
High
Unreviewed
CVE-2002-2382
was published
Apr 30, 2022
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and...
Moderate
Unreviewed
CVE-2002-2323
was published
Apr 30, 2022
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow...
Moderate
Unreviewed
CVE-2002-0793
was published
Apr 30, 2022
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage...
Moderate
Unreviewed
CVE-2002-0725
was published
Apr 30, 2022
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user...
Low
Unreviewed
CVE-2001-1593
was published
Apr 30, 2022
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary...
Low
Unreviewed
CVE-2001-1494
was published
Apr 30, 2022
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends...
Moderate
Unreviewed
CVE-2001-1386
was published
Apr 30, 2022
ProTip!
Advisories are also available from the
GraphQL API