Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,447
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

372 advisories

Loading
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete... High Unreviewed
CVE-2023-28892 was published Mar 29, 2023
In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the... High Unreviewed
CVE-2023-26088 was published Mar 23, 2023
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow... High Unreviewed
CVE-2023-25145 was published Mar 10, 2023
A security agent link following vulnerability in Trend Micro Apex One could allow a local... High Unreviewed
CVE-2023-25148 was published Mar 10, 2023
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a... High Unreviewed
CVE-2023-25146 was published Mar 10, 2023
Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the... High Unreviewed
CVE-2022-45697 was published Feb 27, 2023
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user... High Unreviewed
CVE-2022-42292 was published Feb 12, 2023
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an... High Unreviewed
CVE-2023-20008 was published Jan 20, 2023
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and... High Unreviewed
CVE-2022-45798 was published Dec 24, 2022
When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be... High Unreviewed
CVE-2022-45412 was published Dec 22, 2022
A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical.... High Unreviewed
CVE-2022-4563 was published Dec 21, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended... High Unreviewed
CVE-2009-1143 was published Nov 23, 2022
Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed
CVE-2022-44747 was published Nov 8, 2022
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... High Unreviewed
CVE-2022-32905 was published Nov 2, 2022
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as... High Unreviewed
CVE-2022-41973 was published Oct 29, 2022
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called... High Unreviewed
CVE-2022-31256 was published Oct 26, 2022
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by... High Unreviewed
CVE-2022-42725 was published Oct 10, 2022
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security... High Unreviewed
CVE-2022-40710 was published Sep 29, 2022
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with... High Unreviewed
CVE-2022-34893 was published Sep 20, 2022
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro... High Unreviewed
CVE-2022-40143 was published Sep 20, 2022
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file... High Unreviewed
CVE-2022-2897 was published Sep 1, 2022
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only... High Unreviewed
CVE-2021-35939 was published Aug 27, 2022
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and... High Unreviewed
CVE-2021-35938 was published Aug 26, 2022
An improper link resolution flaw can occur while extracting an archive leading to changing modes,... High Unreviewed
CVE-2021-31566 was published Aug 24, 2022
An improper link resolution flaw while extracting an archive can lead to changing the access... High Unreviewed
CVE-2021-23177 was published Aug 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database