Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

417 advisories

Loading
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an... Moderate Unreviewed
CVE-2020-5797 was published May 24, 2022
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files... Moderate Unreviewed
CVE-2018-21269 was published May 24, 2022
opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d... Moderate Unreviewed
CVE-2017-18925 was published May 24, 2022
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7... Moderate Unreviewed
CVE-2020-7319 was published May 24, 2022
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the... Moderate Unreviewed
CVE-2020-24654 was published May 24, 2022
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root... Moderate Unreviewed
CVE-2020-24332 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed
CVE-2020-3437 was published May 24, 2022
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of... Moderate Unreviewed
CVE-2020-14004 was published May 24, 2022
A vulnerability in the Cisco Application Framework component of the Cisco IOx application... Moderate Unreviewed
CVE-2020-3237 was published May 24, 2022
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an... Moderate Unreviewed
CVE-2020-3223 was published May 24, 2022
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed... Moderate Unreviewed
CVE-2020-6477 was published May 24, 2022
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE... Moderate Unreviewed
CVE-2019-3698 was published May 24, 2022
Kevin Backhouse discovered that apport would read a user-supplied configuration file with... Moderate Unreviewed
CVE-2019-11481 was published May 24, 2022
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles... Moderate Unreviewed
CVE-2020-0638 was published May 24, 2022
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports... Moderate Unreviewed
CVE-2015-3147 was published May 24, 2022
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A... Moderate Unreviewed
CVE-2019-3750 was published May 24, 2022
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to... Moderate Unreviewed
CVE-2019-18645 was published May 24, 2022
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming... Moderate Unreviewed
CVE-2019-11230 was published May 24, 2022
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than... Moderate Unreviewed
CVE-2019-13636 was published May 24, 2022
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper:... Moderate Unreviewed
CVE-2019-13229 was published May 24, 2022
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to... Moderate Unreviewed
CVE-2019-13228 was published May 24, 2022
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone... Moderate Unreviewed
CVE-2019-13227 was published May 24, 2022
** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a... Moderate Unreviewed
CVE-2008-4998 was published May 17, 2022
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp... Moderate Unreviewed
CVE-2008-4988 was published May 17, 2022
** DISPUTED ** dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary... Moderate Unreviewed
CVE-2008-4997 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database