Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
snapd failed to properly check the destination of symbolic links when extracting a snap Moderate
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
runc AppArmor bypass with symlinked /proc Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
ssst0n3
Buildah (as part of Podman) vulnerable to Link Following Moderate
CVE-2022-4122 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
guidobonomi
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
Podman Symlink Vulnerability Moderate
CVE-2019-18466 was published for github.com/containers/podman/v4 (Go) May 24, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) May 23, 2022
crenshaw-dev tdunlap607
Symlink Attack in kubectl cp Moderate
CVE-2019-1002101 was published for k8s.io/kubernetes (Go) Feb 15, 2022
Symlink Attack in Libcontainer and Docker Engine Moderate
CVE-2015-3627 was published for github.com/docker/docker (Go) Feb 15, 2022
Directory Traversal in Docker Moderate
CVE-2014-9358 was published for github.com/docker/docker (Go) Feb 15, 2022
Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer Moderate
CVE-2020-26277 was published for github.com/datacharmer/dbdeployer (Go) Feb 12, 2022
smowton
Kubernetes kubectl cp Vulnerable to Symlink Attack Moderate
CVE-2019-11251 was published for k8s.io/kubernetes (Go) May 18, 2021
ProTip! Advisories are also available from the GraphQL API