GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,400
Composer 4,386
Erlang 33
GitHub Actions 22
Go 2,141
Maven 5,315
npm 3,803
NuGet 687
pip 3,480
Pub 12
RubyGems 897
Rust 898
Swift 38

Unreviewed advisories

All unreviewed 245,645

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

420 advisories

Filter by severity

Sort by

Least recently updated

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server... Moderate Unreviewed

CVE-2023-39246 was published Nov 16, 2023

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... Moderate Unreviewed

CVE-2023-41968 was published Sep 27, 2023

A website could have obscured the full screen notification by using a URL with a scheme handled... Moderate Unreviewed

CVE-2023-4053 was published Aug 1, 2023

The Firefox updater created a directory writable by non-privileged users. When uninstalling... Moderate Unreviewed

CVE-2023-4052 was published Aug 1, 2023

Uploading files which contain symlinks may have allowed an attacker to trick a user into... Moderate Unreviewed

CVE-2023-37206 was published Jul 5, 2023

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could... Moderate Unreviewed

CVE-2023-32556 was published Jun 27, 2023

imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of... Moderate Unreviewed

CVE-2023-34204 was published May 30, 2023

Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the... Moderate Unreviewed

CVE-2022-38730 was published Apr 27, 2023

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions... Moderate Unreviewed

CVE-2023-28141 was published Apr 18, 2023

An Improper Link Resolution Before File Access vulnerability in console port access of Juniper... Moderate Unreviewed

CVE-2023-28972 was published Apr 18, 2023

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability... Moderate Unreviewed

CVE-2022-43293 was published Apr 11, 2023

McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to... Moderate Unreviewed

CVE-2023-24577 was published Mar 13, 2023

A validation issue existed in the handling of symlinks. This issue was addressed with improved... Moderate Unreviewed

CVE-2022-22582 was published Feb 27, 2023

In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local... Moderate Unreviewed

CVE-2023-23558 was published Feb 16, 2023

NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the... Moderate Unreviewed

CVE-2022-42291 was published Feb 7, 2023

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0... Moderate Unreviewed

CVE-2022-45440 was published Jan 17, 2023

A symlink following vulnerability was found in Samba, where a user can create a symbolic link... Moderate Unreviewed

CVE-2022-3592 was published Jan 12, 2023

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. Moderate Unreviewed

CVE-2022-38482 was published Jan 10, 2023

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a... Moderate Unreviewed

CVE-2009-1142 was published Nov 23, 2022

Armoury Crate Service’s logging function has insufficient validation to check if the log file is... Moderate Unreviewed

CVE-2022-38699 was published Sep 29, 2022

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed

CVE-2022-0029 was published Sep 15, 2022

In vow, there is a possible information disclosure due to a symbolic link following. This could... Moderate Unreviewed

CVE-2022-26456 was published Sep 7, 2022

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... Moderate Unreviewed

CVE-2022-2898 was published Sep 1, 2022

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to... Moderate Unreviewed

CVE-2021-35937 was published Aug 26, 2022

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable... Moderate Unreviewed

CVE-2022-35631 was published Jul 30, 2022

Previous 1 2 3 4 5 … 16 17 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

420 advisories