Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

42 advisories

Loading
Link Following in ansible High
CVE-2016-3096 was published for ansible (pip) Oct 10, 2018
Ansible Sandbox Escape via Symlink Attack High
CVE-2015-6240 was published for ansible (pip) May 13, 2022
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability High
CVE-2024-38081 was published for Microsoft.IO.Redist (NuGet) Jul 9, 2024
Mercurial missing symlink check High
CVE-2017-1000115 was published for mercurial (pip) May 14, 2022
SaltStack Salt Insecure Temporary File Creation High
CVE-2014-3563 was published for salt (pip) May 17, 2022
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files High
CVE-2024-29188 was published for WixToolset.Util.wixext (NuGet) Mar 25, 2024
Joomla! Open Redirect vulnerability High
CVE-2008-3227 was published for joomla/framework (Composer) May 1, 2022
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37712 was published for tar (npm) Aug 31, 2021
JarLob chen-robert
ginkoid levpachmanov
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37701 was published for tar (npm) Aug 31, 2021
chen-robert ginkoid
levpachmanov
Arbitrary File Write in Libcontainer High
CVE-2015-3629 was published for github.com/docker/docker (Go) Feb 15, 2022
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning High
CVE-2021-32803 was published for tar (npm) Aug 3, 2021
ginkoid chen-robert
levpachmanov
Buildkite Elastic CI for AWS symbolic link following vulnerability High
CVE-2023-43116 was published for github.com/buildkite/elastic-ci-stack-for-aws/v6 (Go) Dec 22, 2023
Arbitrary File Overwrite in tar High
CVE-2018-20834 was published for tar (npm) May 1, 2019
Arbitrary File Overwrite in fstream High
CVE-2019-13173 was published for fstream (npm) May 30, 2019
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion High
CVE-2023-46654 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Syncthing vulnerable to symlink traversal and arbitrary file overwrite High
CVE-2017-1000420 was published for github.com/syncthing/syncthing (Go) May 14, 2022
Jekyll allows attackers to access arbitrary files by specifying a symlink High
CVE-2018-17567 was published for jekyll (RubyGems) Sep 28, 2018
Hadoop symlink vulnerability High
CVE-2012-2945 was published for org.apache.hadoop:hadoop-main (Maven) Apr 23, 2022
b3log Wide unauthenticated file access High
CVE-2019-13915 was published for github.com/b3log/wide (Go) May 24, 2022
Podman Path Traversal Vulnerability leads to arbitrary file read/write High
CVE-2019-10152 was published for github.com/containers/podman (Go) May 24, 2022
SoSReport Predictable Tmp File Names High
CVE-2015-7529 was published for sosreport (pip) May 13, 2022
Arbitrary file overwrite in tar-rs High
CVE-2018-20990 was published for tar (Rust) Aug 25, 2021
tdunlap607
Permissions bypass in pleaser High
CVE-2021-31154 was published for pleaser (Rust) Aug 25, 2021
another-rex
cloudflared's Installer has Local Privilege Escalation Vulnerability High
CVE-2023-1314 was published for github.com/cloudflare/cloudflared (Go) Mar 21, 2023
RubyGems Link Following vulnerability High
CVE-2018-1000073 was published for org.jruby:jruby-stdlib (RubyGems) May 13, 2022
ProTip! Advisories are also available from the GraphQL API