Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. Moderate
CVE-2024-47877 was published for github.com/codeclysm/extract (Go) Oct 11, 2024
buglloc cmaglie
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia... High Unreviewed
CVE-2024-44132 was published Sep 17, 2024
runc can be confused to create empty files/directories on the host Low
CVE-2024-45310 was published for github.com/opencontainers/runc (Go) Sep 3, 2024
rata alban
cyphar sdowell
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink)... Moderate Unreviewed
CVE-2024-39578 was published Aug 31, 2024
In aiohttp, compressed files as symlinks are not protected from path traversal Moderate
CVE-2024-42367 was published for aiohttp (pip) Aug 9, 2024
steverep
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows... High Unreviewed
CVE-2024-22014 was published Apr 15, 2024
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink)... Moderate Unreviewed
CVE-2024-25952 was published Mar 28, 2024
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink)... Moderate Unreviewed
CVE-2024-25953 was published Mar 28, 2024
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp... High Unreviewed
CVE-2023-41969 was published Mar 26, 2024
Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52... High Unreviewed
CVE-2024-1933 was published Mar 26, 2024
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma... High Unreviewed
CVE-2024-23285 was published Mar 8, 2024
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server... Moderate Unreviewed
CVE-2023-39246 was published Nov 16, 2023
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following High
CVE-2023-25152 was published for github.com/pterodactyl/wings (Go) Feb 8, 2023
astro-angelfish
A symlink following vulnerability was found in Samba, where a user can create a symbolic link... Moderate Unreviewed
CVE-2022-3592 was published Jan 12, 2023
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following Moderate
CVE-2021-4287 was published for binwalk (pip) Dec 27, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of... High Unreviewed
CVE-2021-32000 was published May 24, 2022
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote... Moderate Unreviewed
CVE-2021-32509 was published May 24, 2022
A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a... High Unreviewed
CVE-2021-32518 was published May 24, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise... High Unreviewed
CVE-2021-25321 was published May 24, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2... High Unreviewed
CVE-2021-25322 was published May 24, 2022
a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2,... High Unreviewed
CVE-2021-31997 was published May 24, 2022
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it... High Unreviewed
CVE-2020-15075 was published May 24, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) May 23, 2022
crenshaw-dev tdunlap607
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman... High Unreviewed
CVE-2022-21944 was published Jan 27, 2022
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following High
CVE-2021-39134 was published for @npmcli/arborist (npm) Aug 31, 2021
ginkoid chen-robert
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database