Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
snapd failed to properly check the destination of symbolic links when extracting a snap Moderate
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read Moderate
CVE-2023-46655 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Ghost vulnerable to arbitrary file read via symlinks in content import Moderate
CVE-2023-40028 was published for ghost (npm) Aug 15, 2023
ixSly
runc AppArmor bypass with symlinked /proc Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
ssst0n3
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following Moderate
CVE-2021-4287 was published for binwalk (pip) Dec 27, 2022
Buildah (as part of Podman) vulnerable to Link Following Moderate
CVE-2022-4122 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
guidobonomi
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
martin-ocasek
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
Arbitrary file read vulnerability in workspace browsers in Jenkins Moderate
CVE-2021-21602 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Podman Symlink Vulnerability Moderate
CVE-2019-18466 was published for github.com/containers/podman/v4 (Go) May 24, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) May 23, 2022
crenshaw-dev tdunlap607
Fabric vulnerable to symlink attack on tmp files Moderate
CVE-2011-2185 was published for fabric (pip) May 17, 2022
Improper Link Resolution Before File Access in Apache Hadoop Moderate
CVE-2014-3627 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
Typo3 Open Redirect In Frontend Rendering Moderate
CVE-2014-9508 was published for typo3/cms (Composer) May 17, 2022
PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles Moderate
CVE-2014-1932 was published for pillow (pip) May 17, 2022
Moodle vulnerable to symlink attack Moderate
CVE-2008-5153 was published for moodle/moodle (Composer) May 17, 2022
ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack Moderate
CVE-2010-4338 was published for ocrodjvu (pip) May 17, 2022
Openstack DBaaS (Trove) Improper Link Resolution Before File Access Moderate
CVE-2015-3156 was published for trove (pip) May 17, 2022
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack Moderate
CVE-2014-4996 was published for VladTheEnterprising (RubyGems) May 14, 2022
eyeD3 is vulnerable to arbitrary file modification via symlink attack Moderate
CVE-2014-1934 was published for eyeD3 (pip) May 14, 2022
Improper Link Resolution Before File Access in logilab-commons Moderate
CVE-2014-1838 was published for logilab-common (pip) May 14, 2022
Numpy arbitrary file write via symlink attack Moderate
CVE-2014-1859 was published for numpy (pip) May 14, 2022
jhutchings1
Puppet allows local users to modify the permissions of arbitrary files Moderate
CVE-2011-3870 was published for puppet (RubyGems) May 14, 2022
Puppet arbitrary file overwrite Moderate
CVE-2011-3869 was published for puppet (RubyGems) May 14, 2022
keycloak-httpd-client-install symlink attack vulnerability Moderate
CVE-2017-15111 was published for keycloak-httpd-client-install (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API