Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,201 advisories

Loading
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file... High Unreviewed
CVE-2020-27833 was published May 24, 2022
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage... Moderate Unreviewed
CVE-2002-0725 was published Apr 30, 2022
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce... Moderate Unreviewed
CVE-2024-0068 was published Feb 29, 2024
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. Moderate Unreviewed
CVE-2010-4817 was published Apr 21, 2022
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers,... Low Unreviewed
CVE-2003-1233 was published Apr 29, 2022
Moodle vulnerable to symlink attack Moderate
CVE-2008-5153 was published for moodle/moodle (Composer) May 17, 2022
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode... Low Unreviewed
CVE-2003-0844 was published Apr 29, 2022
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount... Moderate Unreviewed
CVE-2023-32454 was published Feb 6, 2024
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote... High Unreviewed
CVE-2023-7216 was published Feb 5, 2024
Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on... Moderate Unreviewed
CVE-2023-32474 was published Feb 6, 2024
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite... Low Unreviewed
CVE-2005-0587 was published May 1, 2022
Joomla! Open Redirect vulnerability High
CVE-2008-3227 was published for joomla/framework (Composer) May 1, 2022
ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack Moderate
CVE-2010-4338 was published for ocrodjvu (pip) May 17, 2022
Puppet arbitrary files overwrite via a symlink attack Low
CVE-2010-0156 was published for puppet (RubyGems) May 2, 2022
Buildah (as part of Podman) vulnerable to Link Following Moderate
CVE-2022-4122 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
guidobonomi
Credited to guidobonomi
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37712 was published for tar (npm) Aug 31, 2021
JarLob chen-robert
ginkoid levpachmanov
Credited to JarLob, chen-robert, ginkoid, and levpachmanov
Typo3 Open Redirect In Frontend Rendering Moderate
CVE-2014-9508 was published for typo3/cms (Composer) May 17, 2022
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack... Low Unreviewed
CVE-2005-1879 was published May 1, 2022
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is... Low Unreviewed
CVE-2005-0824 was published May 1, 2022
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files... Low Unreviewed
CVE-2005-1916 was published May 1, 2022
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows... Low Unreviewed
CVE-1999-1386 was published Apr 30, 2022
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device... Moderate Unreviewed
CVE-1999-0783 was published Apr 30, 2022
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack... Low Unreviewed
CVE-2005-1880 was published May 1, 2022
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red... Low Unreviewed
CVE-2004-0217 was published Apr 29, 2022
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root,... Moderate Unreviewed
CVE-2003-0578 was published Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database