Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,201 advisories

Loading
An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka ... High Unreviewed
CVE-2020-16939 was published May 24, 2022
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January... High Unreviewed
CVE-2024-0206 was published Jan 9, 2024
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL... High Unreviewed
CVE-2023-28872 was published Dec 25, 2023
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan... Moderate Unreviewed
CVE-2023-51654 was published Dec 26, 2023
Uploading files which contain symlinks may have allowed an attacker to trick a user into... Moderate Unreviewed
CVE-2023-37206 was published Jul 5, 2023
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce... Moderate Unreviewed
CVE-2023-6335 was published Jan 16, 2024
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce... High Unreviewed
CVE-2023-6336 was published Jan 16, 2024
Fabric vulnerable to symlink attack on tmp files Moderate
CVE-2011-2185 was published for fabric (pip) May 17, 2022
Puppet arbitrary file overwrite Moderate
CVE-2011-3869 was published for puppet (RubyGems) May 14, 2022
Puppet allows local users to modify the permissions of arbitrary files Moderate
CVE-2011-3870 was published for puppet (RubyGems) May 14, 2022
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a... Low Unreviewed
CVE-2000-0972 was published Apr 30, 2022
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an... Low Unreviewed
CVE-2000-1178 was published Apr 30, 2022
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow... Moderate Unreviewed
CVE-2002-0793 was published Apr 30, 2022
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary... Low Unreviewed
CVE-2001-1494 was published Apr 30, 2022
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack... Moderate Unreviewed
CVE-2004-1901 was published Apr 29, 2022
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files... Moderate Unreviewed
CVE-2004-1603 was published Apr 29, 2022
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning High
CVE-2021-32803 was published for tar (npm) Aug 3, 2021
ginkoid chen-robert
levpachmanov
Credited to ginkoid, chen-robert, and levpachmanov
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90... High Unreviewed
CVE-2023-2939 was published May 31, 2023
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as ... Moderate Unreviewed
CVE-2000-0342 was published Apr 30, 2022
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends... Moderate Unreviewed
CVE-2001-1386 was published Apr 30, 2022
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by... Moderate Unreviewed
CVE-2001-1043 was published Apr 30, 2022
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by... Moderate Unreviewed
CVE-2001-1042 was published Apr 30, 2022
Arbitrary File Write in Libcontainer High
CVE-2015-3629 was published for github.com/docker/docker (Go) Feb 15, 2022
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37701 was published for tar (npm) Aug 31, 2021
chen-robert ginkoid
levpachmanov
Credited to chen-robert, ginkoid, and levpachmanov
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and... Moderate Unreviewed
CVE-2002-2323 was published Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database