Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

496 advisories

Loading
DLL hijacking could lead to local privilege escalation. The following products are affected:... High Unreviewed
CVE-2021-44198 was published Nov 30, 2021
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x... High Unreviewed
CVE-2021-32592 was published Dec 2, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows... High Unreviewed
CVE-2021-43037 was published Dec 7, 2021
SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search... High Unreviewed
CVE-2021-20047 was published Dec 9, 2021
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to... High Unreviewed
CVE-2021-4007 was published Dec 15, 2021
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL... High Unreviewed
CVE-2021-40161 was published Dec 24, 2021
Users have access to the directory where the installation repair occurs. Since the MS Installer... High Unreviewed
CVE-2021-30360 was published Jan 11, 2022
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a... High Unreviewed
CVE-2022-0129 was published Jan 12, 2022
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent... High Unreviewed
CVE-2022-0015 was published Jan 13, 2022
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege... High Unreviewed
CVE-2021-44463 was published Jan 29, 2022
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service.... High Unreviewed
CVE-2021-44206 was published Feb 10, 2022
Local privilege escalation due to DLL hijacking vulnerability. The following products are... High Unreviewed
CVE-2021-44205 was published Feb 10, 2022
AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged... High Unreviewed
CVE-2020-12891 was published Feb 10, 2022
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system... High Unreviewed
CVE-2022-22528 was published Feb 11, 2022
Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an... High Unreviewed
CVE-2021-33101 was published Feb 11, 2022
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91... High Unreviewed
CVE-2022-23853 was published Feb 12, 2022
AXIS IP Utility prior to 4.17.0 allows for remote code execution and local privilege escalation... High Unreviewed
CVE-2022-23410 was published Feb 15, 2022
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local... High Unreviewed
CVE-2021-43940 was published Feb 16, 2022
Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search... High Unreviewed
CVE-2022-23202 was published Feb 17, 2022
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path... High Unreviewed
CVE-2022-22943 was published Mar 4, 2022
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to... High Unreviewed
CVE-2022-26337 was published Mar 9, 2022
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000... High Unreviewed
CVE-2022-23401 was published Mar 12, 2022
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker... High Unreviewed
CVE-2022-26081 was published Mar 18, 2022
WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current... High Unreviewed
CVE-2022-26511 was published Mar 18, 2022
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs),... High Unreviewed
CVE-2022-25969 was published Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database