Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

164 advisories

Loading
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability Low
CVE-2023-5834 was published for github.com/hashicorp/vagrant (Go) Oct 28, 2023
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary... Low Unreviewed
CVE-2023-24572 was published Feb 13, 2023
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete... Low Unreviewed
CVE-2023-23697 was published Feb 13, 2023
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential... Low Unreviewed
CVE-2021-21740 was published May 24, 2022
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform... Low Unreviewed
CVE-2021-23239 was published May 24, 2022
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application... Low Unreviewed
CVE-2020-16851 was published May 24, 2022
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application... Low Unreviewed
CVE-2020-16853 was published May 24, 2022
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run... Low Unreviewed
CVE-2020-14367 was published May 24, 2022
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory... Low Unreviewed
CVE-2020-6012 was published May 24, 2022
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local... Low Unreviewed
CVE-2020-7282 was published May 24, 2022
Apport creates a world writable lock file with root ownership in the world writable /var/lock... Low Unreviewed
CVE-2020-8831 was published May 24, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server... Low Unreviewed
CVE-2020-8013 was published May 24, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb... Low Unreviewed
CVE-2019-18901 was published May 24, 2022
Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability.... Low Unreviewed
CVE-2020-5324 was published May 24, 2022
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary... Low Unreviewed
CVE-2013-0200 was published May 17, 2022
The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite... Low Unreviewed
CVE-2010-2192 was published May 17, 2022
GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a... Low Unreviewed
CVE-2010-2056 was published May 17, 2022
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files... Low Unreviewed
CVE-2010-2794 was published May 17, 2022
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp,... Low Unreviewed
CVE-2010-4173 was published May 17, 2022
hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink... Low Unreviewed
CVE-2011-3204 was published May 17, 2022
Virtualenv Allows Symlink Attack on /tmp/ Low
CVE-2011-4617 was published for virtualenv (pip) May 17, 2022
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink... Low Unreviewed
CVE-2010-4337 was published May 17, 2022
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users... Low Unreviewed
CVE-2012-4676 was published May 17, 2022
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file... Low Unreviewed
CVE-2012-0808 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API