GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Link Following in github.com/containers/common
Moderate
CVE-2024-9341
was published
for
github.com/containers/common
(Go)
Oct 1, 2024
snapd failed to properly check the destination of symbolic links when extracting a snap
Moderate
CVE-2024-29069
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read
Moderate
CVE-2023-46655
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
Oct 25, 2023
Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate
CVE-2023-40028
was published
for
ghost
(npm)
Aug 15, 2023
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
Moderate
CVE-2021-4287
was published
for
binwalk
(pip)
Dec 27, 2022
Buildah (as part of Podman) vulnerable to Link Following
Moderate
CVE-2022-4122
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Moderate
CVE-2022-39215
was published
for
tauri
(Rust)
Sep 16, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate
CVE-2022-31036
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Arbitrary file read vulnerability in workspace browsers in Jenkins
Moderate
CVE-2021-21602
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Podman Symlink Vulnerability
Moderate
CVE-2019-18466
was published
for
github.com/containers/podman/v4
(Go)
May 24, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Moderate
CVE-2022-24904
was published
for
github.com/argoproj/argo-cd/v2
(Go)
May 23, 2022
Fabric vulnerable to symlink attack on tmp files
Moderate
CVE-2011-2185
was published
for
fabric
(pip)
May 17, 2022
Improper Link Resolution Before File Access in Apache Hadoop
Moderate
CVE-2014-3627
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 17, 2022
Typo3 Open Redirect In Frontend Rendering
Moderate
CVE-2014-9508
was published
for
typo3/cms
(Composer)
May 17, 2022
Moodle vulnerable to symlink attack
Moderate
CVE-2008-5153
was published
for
moodle/moodle
(Composer)
May 17, 2022
ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack
Moderate
CVE-2010-4338
was published
for
ocrodjvu
(pip)
May 17, 2022
Openstack DBaaS (Trove) Improper Link Resolution Before File Access
Moderate
CVE-2015-3156
was published
for
trove
(pip)
May 17, 2022
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack
Moderate
CVE-2014-4996
was published
for
VladTheEnterprising
(RubyGems)
May 14, 2022
eyeD3 is vulnerable to arbitrary file modification via symlink attack
Moderate
CVE-2014-1934
was published
for
eyeD3
(pip)
May 14, 2022
Improper Link Resolution Before File Access in Suds
Moderate
CVE-2013-2217
was published
for
suds
(pip)
May 14, 2022
Puppet allows local users to modify the permissions of arbitrary files
Moderate
CVE-2011-3870
was published
for
puppet
(RubyGems)
May 14, 2022
Puppet arbitrary file overwrite
Moderate
CVE-2011-3869
was published
for
puppet
(RubyGems)
May 14, 2022
keycloak-httpd-client-install symlink attack vulnerability
Moderate
CVE-2017-15111
was published
for
keycloak-httpd-client-install
(pip)
May 14, 2022
Improper Link Resolution Before File Access in pip
Moderate
CVE-2013-1888
was published
for
pip
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API