GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
405 advisories
Filter by severity
Pyro mishandles pid files in temporary directory locations and opening the pid file as root
High
CVE-2011-2765
was published
for
pyro
(pip)
Aug 21, 2018
Jekyll allows attackers to access arbitrary files by specifying a symlink
High
CVE-2018-17567
was published
for
jekyll
(RubyGems)
Sep 28, 2018
Arbitrary File Overwrite in fstream
High
CVE-2019-13173
was published
for
fstream
(npm)
May 30, 2019
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
High
CVE-2021-32803
was published
for
tar
(npm)
Aug 3, 2021
Directory Traversal in Archive_Tar
High
CVE-2021-32610
was published
for
pear/archive_tar
(Composer)
Aug 9, 2021
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
High
CVE-2021-39135
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
High
CVE-2021-39134
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37712
was published
for
tar
(npm)
Aug 31, 2021
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37701
was published
for
tar
(npm)
Aug 31, 2021
Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE...
High
Unreviewed
CVE-2021-42297
was published
Nov 25, 2021
Windows Setup Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2021-43237
was published
Dec 16, 2021
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer)...
High
Unreviewed
CVE-2021-44023
was published
Dec 17, 2021
Link Following in Iris
High
CVE-2021-23772
was published
for
github.com/kataras/iris
(Go)
Jan 6, 2022
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on...
High
Unreviewed
CVE-2021-45442
was published
Jan 11, 2022
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and...
High
Unreviewed
CVE-2021-44024
was published
Jan 11, 2022
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE...
High
Unreviewed
CVE-2022-21919
was published
Jan 12, 2022
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE...
High
Unreviewed
CVE-2022-21895
was published
Jan 12, 2022
An improper link resolution before file access vulnerability exists in the Palo Alto Networks...
High
Unreviewed
CVE-2022-0012
was published
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API